Page 388 of 2760 results (0.033 seconds)

CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. Fue descubierto un fallo en el kernel de Linux anterior a 4.20. Hay una condición de carrera en smp_task_timedout() y smp_task_done() en drivers/scsi/libsas/sas_expander.c, permitiendo el uso después de liberación de memoria. A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://www.securityfocus.com/bid/108196 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html https://lists.debian.org/debian-lts-announce/2019/08/msg00017.h • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.8EPSS: 1%CPEs: 12EXPL: 0

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. Fue descubierto un fallo en el kernel de Linux anterior a 5.0.7. Una desreferencia de puntero NULL puede ocurrir cuando falla megasas_create_frame_pool() en megasas_alloc_cmds() en drivers/scsi/megaraid/megaraid_sas_base.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://www.securityfocus.com/bid/108286 https://access.redhat.com/errata/RHSA-2019:1959 https://access.redhat.com/errata/RHSA-2019:1971 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2736 https://access.redhat.com/errata/RHSA-2019:2837 https • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •

CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 4

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. La implementación del coredump en el kernel de Linux en versiones anteriores a 5.0.10, no utiliza mecanismos de bloqueo u otros mecanismos para evitar cambios en el layout de vma o en los flags vma mientras se ejecuta, lo que permite a los usuarios locales obtener información sensible, causar una denegación de servicio o posiblemente tener otro impacto no especificado al activar una condición de carrera con llamadas mmget_not_zero o get_task_mm. Esto está relacionado con fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, y drivers/infiniband/core/uverbs_main.c A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. • https://www.exploit-db.com/exploits/46781 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/04/29/1 http://www.openwall.com/lists/oss-security/2019/04/29/2 http://www& • CWE-667: Improper Locking •

CVSS: 7.7EPSS: 0%CPEs: 29EXPL: 0

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Se encontró un problema de bucle infinito en el módulo del núcleo vhost_net en el kernel de Linux versiones anteriores a 5.1-rc6 inclusive, mientras manejaba los paquetes entrantes en handle_rx(). Puede ocurrir cuando un extremo envía los paquetes más rápido de lo que el otro extremo los procesa. • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/108076 https://access.redhat.com/errata/RHSA-2019:1973 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3836 http • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 2

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. El kernel de Linux, en versiones anteriores a 5.1-rc5, permite el desbordamiento de la cuenta de referencia de página->_refcount, con los consiguientes problemas de uso de memoria después de su liberación, si existen alrededor de 140 GiB de RAM. Esto está relacionado con fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, y mm/hugetlb.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://www.openwall.com/lists/oss-security/2019/04/29/1 http://www.securityfocus.com/bid/108054 https://access.redhat.com/errata/RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2741 https://access.redhat.com/errata/RHSA-2020:0174 https://bugs.chrom • CWE-416: Use After Free •