Page 498 of 2563 results (0.026 seconds)

CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvb_frontend.c tiene una condición de carrera que puede provocar un use-after-free cuando se desconecta un dispositivo. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c tiene una pérdida de memoria debido a la falta de una llamada dvb_frontend_detach. A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusb_dec_exit_dvb() function because of the lack of a dvb_frontend_detach call. A local user could trigger this flaw by repeatedly plugging and unplugging the device, potentially causing a denial of service condition. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457 https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45887 https://bugzilla.redhat.com/show_bug.cgi?id=2148520 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url Existen vulnerabilidades de use-after-free en las funciones l2cap_connect y l2cap_le_connect_req del kernel de Linux net/bluetooth/l2cap_core.c que pueden permitir la ejecución de código y la pérdida de memoria del kernel (respectivamente) de forma remota a través de Bluetooth. Un atacante remoto podría ejecutar código que filtre la memoria del kernel a través de Bluetooth si se encuentra cerca de la víctima. Recomendamos actualizar al commit anterior https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim. • https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4 https://access.redhat.com/security/cve/CVE-2022-42896 https://bugzilla.redhat.com/show_bug.cgi?id=2147364 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 La vulnerabilidad de Use After Free en el kernel de Linux permite la escalada de privilegios. Una actualización incorrecta del recuento de referencias en io_uring conduce a un use-after-free y escalada de privilegios locales. Cuando se invocó io_msg_ring con un archivo fijo, llamó a io_fput_file(), lo que disminuyó incorrectamente su recuento de referencias (lo que llevó a Use-After-Free y Escalada de privilegios locales). • https://github.com/veritas501/CVE-2022-3910 https://github.com/TLD1027/CVE-2022-3910 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679 • CWE-416: Use After Free •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. Se encontró una falla de solicitud de lectura incorrecta en el controlador USB del transceptor de infrarrojos en el kernel de Linux. Este problema ocurre cuando un usuario conecta un dispositivo USB malicioso. • https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com https://lore.kernel.org/all/E1obysd-009Grw-He%40www.linuxtv.org • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •