Page 408 of 4453 results (0.018 seconds)

CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not limited to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. • https://bugzilla.redhat.com/show_bug.cgi?id=2188396 https://github.com/torvalds/linux/commit/92fbb6d1296f https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-2194 • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2177382 https://access.redhat.com/security/cve/CVE-2023-28327 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. A NULL pointer dereference issue was found in the can protocol in net/can/af_can.c in the Linux kernel, where ml_priv may not be initialized in the receive path of CAN frames. This flaw allows a local user to crash the system or cause a denial of service. • https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com https://access.redhat.com/security/cve/CVE-2023-2166 https://bugzilla.redhat.com/show_bug.cgi?id=2187813 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. • https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin%40gmail.com/T/#u https://access.redhat.com/security/cve/CVE-2023-1382 https://bugzilla.redhat.com/show_bug.cgi?id=2177371 • CWE-476: NULL Pointer Dereference •

CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. A use-after-free flaw was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component in the Linux Kernel. This issue could allow an attacker to leak kernel internal information. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://www.spinics.net/lists/linux-scsi/msg181542.html https://access.redhat.com/security/cve/CVE-2023-2162 https://bugzilla.redhat.com/show_bug.cgi?id=2187773 • CWE-416: Use After Free •