Page 415 of 2775 results (0.026 seconds)

CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 2

A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Se encontró un fallo en el Kernel de Linux porque el acceso a la variable global fg_console no está correctamente sincronizado, conllevando a un uso de la memoria previamente liberada en la función con_font_op • http://www.openwall.com/lists/oss-security/2020/10/30/1 http://www.openwall.com/lists/oss-security/2020/11/04/3 https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://security.netapp.com/advisory/ntap-20210702-0005 https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-662: Improper Synchronization •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. La función mwifiex_cmd_802_11_ad_hoc_start en el archivo drivers/net/wireless/marvell/mwifiex/join.c en el kernel de Linux versiones hasta 5.10.4, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un valor SSID grande, también se conoce como CID-5c455c5ab332 A flaw was found in the Linux kernel. The marvell wifi driver could allow a local attacker to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c455c5ab332773464d02ba17015acdca198f03d https://github.com/torvalds/linux/commit/5c455c5ab332773464d02ba17015acdca198f03d https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCHBIRS27VMOGMBHPWP2R7SZRFXT6O6U https://lore.kernel.org/r/20201206084801.26479-1-ruc_zhangxiaohui%40163.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. • https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://security.gentoo.org/glsa/202107-30 https://security.netapp.com/advisory/ntap-20210205-0001 https://www.debian.org/security/2021/dsa-4843 https://xenbits.xenproject.org/xsa/advisory-350.html • CWE-416: Use After Free •

CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 2

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. Se encontró un fallo en la manera en que RTAS manejaba los accesos a la memoria en el espacio de usuario para la comunicación del kernel. En un sistema invitado bloqueado (generalmente debido al arranque seguro) que se ejecuta en la parte superior de los hipervisores PowerVM o KVM (plataforma pseries), un usuario root como local podría usar este fallo para aumentar aún más sus privilegios a los de un kernel en ejecución A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1900844 https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764 https://www.openwall.com/lists/oss-security/2020/10/09/1 https://www.openwall.com/lists/oss-security/2020/11/23/2 https://access.redhat.com/security/cve/CVE-2020-27777 • CWE-862: Missing Authorization •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 3

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la implementación de MIDI en el kernel de Linux, donde un atacante con una cuenta local y los permisos para emitir comandos ioctl a dispositivos midi podría desencadenar un problema de uso después de la liberación. Una escritura en esta memoria específica mientras está liberada y antes de su uso hace que el flujo de ejecución cambie y posiblemente permita la corrupción de memoria o la escalada de privilegios. • https://github.com/kiks7/CVE-2020-27786-Kernel-Exploit https://github.com/elbiazo/CVE-2020-27786 https://github.com/ii4gsp/CVE-2020-27786 http://www.openwall.com/lists/oss-security/2020/12/03/1 https://bugzilla.redhat.com/show_bug.cgi?id=1900933 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d https://security.netapp.com/advisory/ntap-20210122-0002 https://access.redhat.com/security/cve/CVE-2020-27786 • CWE-416: Use After Free •