Page 389 of 2724 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y&id=788d0824269bef539fe31a785b1517882eafed93 https://github.com/gregkh/linux/commit/1e6fa5216a0e59ef02e8b6b40d553238a3b81d49 https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1

A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. Se encontró una falla de use-after-free en io_uring/filetable.c en io_install_fixed_file en el subcomponente io_uring en el kernel de Linux durante la limpieza de llamadas. Este defecto puede dar lugar a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2163723 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-416: Use After Free •

CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 1

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. Se encontró una falla de use-after-free en io_uring/poll.c en io_poll_check_events en el subcomponente io_uring en el kernel de Linux debido a una condición de ejecución de poll_refs. Este defecto puede provocar una desreferencia del puntero NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2164024 • CWE-416: Use After Free •

CVSS: 7.9EPSS: 0%CPEs: 6EXPL: 0

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem. Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4 https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1 https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-0266 https://bugzilla.redhat.com/show_bug • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17 https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230302-0005 https://access.redhat.com/security/cve/CVE-2023-0394 https://bugzilla.redhat.com/show_bug.cgi?id=2162120 • CWE-476: NULL Pointer Dereference •