Page 532 of 3021 results (0.015 seconds)

CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). • https://lkml.org/lkml/2023/1/1/169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. • https://bugzilla.suse.com/show_bug.cgi?id=1208518 https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com https://security.netapp.com/advisory/ntap-20230406-0002 • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit  788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y&id=788d0824269bef539fe31a785b1517882eafed93 https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2132640 https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com https://security.netapp.com/advisory/ntap-20230406-0005 https://www.spinics.net/lists/kernel/msg4518970.html • CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. • https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com https://access.redhat.com/security/cve/CVE-2023-0590 https://bugzilla.redhat.com/show_bug.cgi?id=2165741 • CWE-416: Use After Free •