Page 465 of 2837 results (0.020 seconds)

CVSS: 7.4EPSS: 0%CPEs: 24EXPL: 1

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en el kernel de Linux anterior a mainline 5.3. • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200204-0002 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 https://usn.ubuntu.com • CWE-287: Improper Authentication CWE-440: Expected Behavior Violation •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) El archivo kernel/sched/fair.c en el kernel de Linux versiones anteriores a 5.3.9, cuando la función cpu.cfs_quota_us es usada (por ejemplo, con Kubernetes), permite a atacantes causar una denegación de servicio contra aplicaciones no vinculadas a la CPU al generar una carga de trabajo que desencadena vencimiento de corte no deseado, también se conoce como CID-de53fd7aedb1. (En otras palabras, aunque esta caducidad de corte se vería típicamente con cargas de trabajo benignas, es posible que un atacante pueda calcular cuántas peticiones extraviadas se requieren para forzar a un clúster Kubernetes completo a un estado de bajo rendimiento causado por la caducidad de corte, y garantizar que un ataque DDoS envió esa cantidad de peticiones perdidas. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425 https://github.com/kubernetes/kubernetes/issues/67577 https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://relistan.com/the-kernel-may-be-slowing-down-your-app https://security.netapp.com/advisory/ntap-20200204-0002 https:/& • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 1

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos btrfs especialmente diseñada y realizar algunas operaciones puede causar un acceso de escritura fuera de límites en la función __btrfs_map_block en el archivo fs/btrfs/volumes.c, porque un valor de 1 para el número de franjas de datos es mal manejado. • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4414-1 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context. En el kernel de Linux versiones anteriores a la versión 5.4.2, la característica io_uring genera peticiones que inadvertidamente tienen UID 0 y capacidades completas, también se conoce como CID-181e448d8709. • https://www.exploit-db.com/exploits/47779 https://bugs.chromium.org/p/project-zero/issues/detail?id=1975 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=181e448d8709e517c9c7b523fcd209f24eb38ca7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d69e07793f891524c6bbf1e75b9ae69db4450953 https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4284-1 •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. En el kernel de Linux versiones anteriores a la versión 5.3.11, el archivo sound/core/timer.c tiene un uso de la memoria previamente liberada causado por una refactorización de código errónea, también se conoce como CID-e7af6307a8a5. Esto está relacionado con las funciones snd_timer_open y snd_timer_close_locked. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97 https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97 https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4225-1 https://usn.ubuntu.com/4227-1 https://usn.ubuntu.com/4227-2 https://access.redhat.com/security/cve/CVE-2019-19807 https://bugzilla.redhat.com/ • CWE-416: Use After Free •