Page 511 of 2730 results (0.019 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. El archivo net/can/bcm.c en el kernel de Linux versiones hasta 5.12.10, permite a usuarios locales obtener información confidencial de la memoria de la pila del kernel porque partes de una estructura de datos no están inicializadas • http://www.openwall.com/lists/oss-security/2021/06/15/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T https://ww • CWE-909: Missing Initialization of Resource •

CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://security.gentoo.org/glsa/202209-16 https://security.netapp.com/advisory/ntap-20210716-0002 https://www.debian.org/security/2021/dsa-4951 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html https://access.redhat.com/security/cve/CVE-2021& • CWE-287: Improper Authentication •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.8.1. El archivo net/bluetooth/hci_event.c presenta una lectura fuera de límites en la función hci_extended_inquiry_result_evt, también se conoce como CID-51c19bf3d5cf A flaw out of bounds memory access in the Linux kernel bluetooth subsystem was found in the way when some data being read about the bluetooth device with the hci_extended_inquiry_result_evt call. A local user could use this flaw to crash the system or read some data out of memory bounds that can lead to data confidentiality threat. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101 https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 https://access.redhat.com/security/cve/CVE-2020-36386 https://bugzilla.redhat.com&# • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.10. El archivo drivers/infiniband/core/ucma.c, presenta un uso de la memoria previamente liberada porque el ctx es alcanzado por medio de la función ctx_list en algunas situaciones donde la función ucma_migrate_id en que la función ucma_close, es llamada también se conoce como CID-f5449e74802c An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1 https://security.netapp.com/advisory/ntap-20210720-0004 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2 https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6 https://www.starwindsoftware.com/security/sw-20220802-0002 https://access.redhat.com/security/cve/CVE-2020-36385 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. Se ha encontrado un fallo en el kernel de Linux. Es identificado un problema de denegación de servicio si es corrompido un árbol de extensiones en un sistema de archivos ext4 diseñado en el archivo fs/ext4/extents.c en la función ext4_es_cache_extent. • https://bugzilla.redhat.com/show_bug.cgi?id=1972621 https://ubuntu.com/security/CVE-2021-3428 https://www.openwall.com/lists/oss-security/2021/03/17/1 https://access.redhat.com/security/cve/CVE-2021-3428 https://bugzilla.redhat.com/show_bug.cgi?id=1936786 • CWE-190: Integer Overflow or Wraparound •