Page 446 of 2260 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4f1dc7d9756e66f3f876839ea174df2e656b7f79 https://security.netapp.com/advisory/ntap-20230505-0002 •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=467333af2f7b95eeaa61a5b5369a80063cd971fd https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3?id=467333af2f7b95eeaa61a5b5369a80063cd971fd https://security.netapp.com/advisory/ntap-20230413-0006 • CWE-763: Release of Invalid Pointer or Reference •

CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). A use-after-free flaw was found in the do_tls_getsockopt function in net/tls/tls_main.c in the Transport Layer Security (TLS) in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://security.netapp.com/advisory/ntap-20230427-0006 https://access.redhat.com/security/cve/CVE-2023-28466 https://bugzilla.redhat.com/show_bug.cgi?id=2179000 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2

A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=797805d81baa814f76cf7bdab35f86408a79d707 https://github.com/cifsd-team/ksmbd/commit/8824b7af409f51f1316e92e9887c2fd48c0b26d6 https://security.netapp.com/advisory/ntap-20230517-0002 https://securityonline.info/cve-2023-0210-flaw-in-linux-kernel-allows-unauthenticated-remote-dos-attacks https://www.openwall.com/lists/oss-security/2023/01/04/1 https://www.o • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver. This issue occurs when a user detaches a rc device. This could allow a local user to crash the system or potentially escalate their privileges on the system. • https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230413-0003 https://access.redhat.com/security/cve/CVE-2023-1118 https://bugzilla.redhat.com/show_bug.cgi?id=2174400 • CWE-416: Use After Free •