Page 380 of 2820 results (0.015 seconds)

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. Se encontró un desbordamiento de búfer en la región heap de la memoria en el subsistema LightNVM del kernel de Linux. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8 https://www.zerodayinitiative.com/advisories/ZDI-22-960 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Se presentan vulnerabilidades de uso de memoria previamente liberada causadas por el manejador del temporizador en el archivo net/rose/rose_timer.c de linux que permiten a atacantes bloquear el kernel de linux sin ningún privilegio • https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20230120-0001 https://www.debian.org/security/2022/dsa-5191 • CWE-416: Use After Free •

CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •