Page 437 of 2260 results (0.013 seconds)

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. A race condition vulnerability was found in the Linux kernel's Qualcomm EMAC Gigabit Ethernet Controller when the user physically removes the device before cleanup in the emac_remove function. This flaw can eventually result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors. • https://bugzilla.redhat.com/show_bug.cgi?id=2192667 https://bugzilla.suse.com/show_bug.cgi?id=1210685 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75 https://access.redhat.com/security/cve/CVE-2023-33203 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-33951 https://bugzilla.redhat.com/show_bug.cgi?id=2218195 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •

CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. Se encontró una falla en el ksmbd del kernel de Linux, un servidor SMB de alto rendimiento en el kernel. • https://access.redhat.com/security/cve/CVE-2023-32258 https://bugzilla.redhat.com/show_bug.cgi?id=2219809 https://security.netapp.com/advisory/ntap-20230915-0011 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32252 https://bugzilla.redhat.com/show_bug.cgi?id=2219815 https://security.netapp.com/advisory/ntap-20231124-0001 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590 • CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32254 https://bugzilla.redhat.com/show_bug.cgi?id=2191658 https://security.netapp.com/advisory/ntap-20230824-0004 https://www.zerodayinitiative.com/advisories/ZDI-23-702 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •