Page 398 of 2697 results (0.025 seconds)

CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. Se ha encontrado un problema de pérdida de memoria en el algoritmo de generación de puertos de origen TCP en el archivo net/ipv4/tcp.c debido al pequeño tamaño de la tabla de perturbación. Este fallo puede permitir a un atacante un filtrado de información y puede causar un problema de denegación de servicio The Linux kernel's TCP source port generation algorithm in the TCP stack contains a flaw due to the small table perturb size. This flaw allows an attacker to positively distinguish a system among devices with identical hardware and software, which lasts until the device restarts. An attacker can guess the evolution of the internal state used for source port generation. • https://bugzilla.redhat.com/show_bug.cgi?id=2064604 https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T https://security.netapp.com/advisory/ntap-20221020-0006 https://access.redhat.com/security/cve/CVE-2022-1012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Se encontró un problema de desreferencia de puntero NULL en KVM cuando es liberada una vCPU con el soporte de anillo sucio habilitado. Este fallo permite a un atacante local no privilegiado en el host emitir llamadas ioctl específicas, causando una condición de oops en el kernel que resulta en una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1263 https://bugzilla.redhat.com/show_bug.cgi?id=2072698 https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4 https://www.openwall.com/lists/oss-security/2022/04/07/1 • CWE-476: NULL Pointer Dereference •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. El kernel de Linux anterior a la versión 5.17.9 permite a los servidores TCP identificar a los clientes observando qué puertos de origen se utilizan. Esto ocurre debido al uso del Algoritmo 4 ("Double-Hash Port Selection Algorithm") del RFC 6056 • https://arxiv.org/abs/2209.12993 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 https://github.com/0xkol/rfc6056-device-tracker https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://www.debian.org/security/2022/dsa-5173 • CWE-330: Use of Insufficiently Random Values •

CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 6

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. El archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones hasta 5.18.1, permite a un usuario local (capaz de crear espacios de nombres de usuario/red) escalar privilegios a root porque una comprobación incorrecta de NFT_STATEFUL_EXPR conlleva a un uso de memoria previamente liberada A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nf_tables_expr_destroy method. • https://github.com/theori-io/CVE-2022-32250-exploit https://github.com/ysanatomic/CVE-2022-32250-LPE https://github.com/Kristal-g/CVE-2022-32250 http://www.openwall.com/lists/oss-security/2022/06/03/1 http://www.openwall.com/lists/oss-security/2022/06/04/1 http://www.openwall.com/lists/oss-security/2022/06/20/1 http://www.openwall.com/lists/oss-security/2022/07/03/5 http://www.openwall.com/lists/oss-security/2022/07/03/6 http://www.openwall&# • CWE-416: Use After Free •

CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Con shadow paging habilitada, la instrucción INVPCID resulta en una llamada a kvm_mmu_invpcid_gva. Si INVPCID es ejecutado con CR0.PG=0, la llamada de retorno invlpg no es establecida y el resultado es una desreferencia de puntero NULL A flaw was found in KVM. With shadow paging enabled if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. • https://bugzilla.redhat.com/show_bug.cgi?id=1832397 https://francozappa.github.io/about-bias https://kb.cert.org/vuls/id/647177 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6JP355XFVAB33X4BNO3ERVTURFYEDB7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUOQTNTQ4ZCXHOCNKYIL2ZUIAZ675RD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KCEAPIVPRTJHKPF2A2HVF5XHD5XJT3MN https://www.debian.org/security • CWE-476: NULL Pointer Dereference •