Page 480 of 2470 results (0.030 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. Se encontró una vulnerabilidad en vhost_new_msg en drivers/vhost/vhost.c en el kernel de Linux, que no inicializa correctamente la memoria en los mensajes pasados entre los invitados virtuales y el sistema operativo host en la función vhost/vhost.c:vhost_new_msg(). Este problema puede permitir a los usuarios locales privilegiados leer algunos contenidos de la memoria del kernel cuando leen desde el archivo del dispositivo /dev/vhost-net. • https://access.redhat.com/errata/RHSA-2024:3618 https://access.redhat.com/errata/RHSA-2024:3627 https://access.redhat.com/security/cve/CVE-2024-0340 https://bugzilla.redhat.com/show_bug.cgi?id=2257406 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. Se encontró una falla de use-after-free en el kernel de Linux debido a un problema de ejecución en la eliminación de ejecución de SKB por parte del recolector de basura de Unix con unix_stream_read_generic() en el socket en el que el SKB está en cola. Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/security/cve/CVE-2023-6531 https://bugzilla.redhat.com/show_bug.cgi?id=2253034 https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. Se descubrió un problema en el kernel de Linux anterior a 6.6.8. atalk_ioctl en net/appletalk/ddp.c tiene un use after free debido a una condición de ejecución atalk_recvmsg. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html • CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition. Se descubrió un problema en el kernel de Linux anterior a 6.6.8. rose_ioctl en net/rose/af_rose.c tiene un use after free debido a una condición de ejecución rose_accept. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html • CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. Se descubrió un problema en el kernel de Linux anterior a 6.6.8. do_vcc_ioctl en net/atm/ioctl.c tiene un use after free debido a una condición de ejecución vcc_recvmsg. A use-after-free flaw was found in the Linux kernel's net/atm/ioctl.c (ATM networking technology driver): do_vcc_ioctl in net/atm/ioctl.c is vulnerable to use-after-free due to a race condition in vcc_recvmsg. This issue can allow an attacker to possibly gain unauthorized access, escalate privileges, or cause the system to crash. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://security.netapp.com/advisory/ntap-20240419-0001 https://access.redhat.com/security/cve/CVE-2023-51780 https://bugzilla.redhat.com/show_bug.cgi?id=2257682 • CWE-416: Use After Free •