Page 429 of 2260 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.neta • CWE-415: Double Free CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. • https://access.redhat.com/security/cve/CVE-2023-0160 https://bugzilla.redhat.com/show_bug.cgi?id=2159764 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56 https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com • CWE-667: Improper Locking CWE-833: Deadlock •

CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d https://security.netapp.com/advisory/ntap-20230831-0002 • CWE-125: Out-of-bounds Read •

CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length. Se descubrió un problema en el kernel de Linux antes de 6.3.4. KSMBD tiene una lectura fuera de los límites en smb2_find_context_vals cuando el name_len de create_context es mayor que la longitud de la etiqueta. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=02f76c401d17e409ed45bf7887148fcc22c93c85 https://security.netapp.com/advisory/ntap-20230915-0010 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=f1a411873c85b642f13b01f21b534c2bab81fc1b https://security.netapp.com/advisory/ntap-20230824-0011 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •