Page 4 of 43 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. Se detectó un problema en el kernel de Linux versiones anteriores a 5.5.4. La función mwifiex_cmd_append_vsie_tlv() en el archivo drivers/net/wireless/marvell/mwifiex/scan.c permite a usuarios locales alcanzar privilegios o causar una denegación de servicio debido a una memcpy incorrecta y al desbordamiento del búfer, también se conoce como CID-b70261a288ea. A flaw was found in the way the mwifiex_cmd_append_vsie_tlv() in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://www.openwall.com/lists/oss-security/2020/05/08/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 7.0EPSS: 0%CPEs: 44EXPL: 0

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. En el kernel de Linux versión 4.9 hasta la versión 5.6.7, en la plataforma s390, una ejecución de código puede presentarse debido a una condición de carrera, como es demostrado por el código en la función enable_sacf_uaccess en el archivo arch/s390/lib/uaccess.c que presenta un fallo al proteger contra una actualización concurrente de la tabla de página, también se conoce como CID-3f777e19d171. Tambíen podría ocurrir un bloqueo A flaw was found in the Linux kernel on s390 architecture. The issue occurs on multiprocessing systems when one s390 CPU is in Secondary Address Mode and another CPU does a kernel page table upgrade. • https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW https://lists.fedoraproject.org/archives/list/package-announce%4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1251: Mirrored Regions with Different Values •

CVSS: 8.8EPSS: 0%CPEs: 52EXPL: 6

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) En el kernel de Linux versiones 5.5.0 y más recientes, el verificador bpf (kernel/bpf/verifier.c) no restringió apropiadamente los límites de registro para operaciones de 32 bits, conllevando a lecturas y escrituras fuera de límites en la memoria del kernel. La vulnerabilidad también afecta a la serie estable de Linux versión 5.4, comenzando con la versión v5.4.7, ya que el commit de introducción fue respaldado en esa derivación. • https://github.com/zilong3033/CVE-2020-8835 https://github.com/digamma-ai/CVE-2020-8835-verification https://github.com/SplendidSky/CVE-2020-8835 https://github.com/Prabhashaka/Exploitation-CVE-2020-8835 https://github.com/johnatag/INF8602-CVE-2020-8835 http://www.openwall.com/lists/oss-security/2021/07/20/1 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef https://git.kernel.org/pub/scm/linux/kernel/git/torvald • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 63EXPL: 0

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. Se detectó que la solución para el kernel de Linux en Ubuntu versión 18.04 LTS para CVE-2019-14615 ("El kernel de Linux no borró apropiadamente las estructuras de datos en los conmutadores de contexto para determinados procesadores gráficos de Intel") estaba incompleta, lo que significa que en las versiones de kernel anteriores a 4.15.0-91.92, un atacante podría usar esta vulnerabilidad para exponer información confidencial. • https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 https://security.netapp.com/advisory/ntap-20200430-0004 https://usn.ubuntu.com/usn/usn-4302-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. La función flow_dissector en el kernel de Linux 4.3 a 5.x anterior a la versión 5.3.10 tiene una vulnerabilidad de seguimiento del dispositivo, también conocida como CID-55667441c84f. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200204-0002 https://www.computer.org/csdl/proceedings-article/sp/2020/349700b594/1j2LgrHDR2o https://access.redhat.com/security/cve/CVE-2019-18282 https://bugzilla.redhat.com/show_bug.cgi?id=1796360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •