Page 535 of 3164 results (0.030 seconds)

CVSS: 4.4EPSS: 0%CPEs: 19EXPL: 2

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Se detectó un problema de inconsistencia de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. Los archivos drivers/tty/tty_io.c y drivers/tty/tty_jobctrl.c pueden permitir un ataque de lectura de la memoria previamente liberada contra TIOCGSID, también se conoce como CID-c8bcd9c5be24 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel. A local user could use this flaw to read numerical value from memory after free. • http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html http://www.openwall.com/lists/oss-security/2020/12/10/1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9 https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6X • CWE-416: Use After Free CWE-667: Improper Locking •

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 1

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Se detectó un problema de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. El archivo drivers/tty/tty_jobctrl.c, permite un ataque de uso de la memoria previamente liberada contra TIOCSPGRP, también se conoce como CID-54ffccbf053b A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/wojkos9/arm-CVE-2020-29661 http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html http://www.openwall.com/lists/oss-security/2020/12/10/1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://lists.debian.org/debian-lts- • CWE-416: Use After Free CWE-667: Improper Locking •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. Se detectó un problema en el kernel de Linux versiones anteriores a 5.9.3, io_uring toma una referencia non-refcounted al files_struct del proceso que envió una petición, causando que la función execve() optimice incorrectamente la función unshare_fd(), también se conoce como CID-0f2122045b94 • https://bugs.chromium.org/p/project-zero/issues/detail?id=2089 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f2122045b946241a9e549c2a76cea54fa58a7ff •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la implementación de futex del kernel de Linux. Este fallo permite a un atacante local corromper la memoria del sistema o aumentar sus privilegios al crear un futex en un sistema de archivos que está a punto de ser desmontado. • https://bugzilla.redhat.com/show_bug.cgi?id=1874311 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254 https://access.redhat.com/security/cve/CVE-2020-14381 • CWE-416: Use After Free •

CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. Se encontró una perdida de memoria de fallo en el subsistema de monitoreo del rendimiento del kernel de Linux en el modo si se usaba PERF_EVENT_IOC_SET_FILTER. Un usuario local podría utilizar este fallo para privar los recursos causando una denegación de servicio A memory leak flaw was found in the Linux kernel’s performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. This flaw allows a local user to starve the resources, causing a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1895961 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://www.openwall.com/lists/oss-security/2020/11/09/1 https://www.starwindsoftware.com/security/sw-20220802-0003 https://access.redhat.com/security/cve/CVE-2020-25704 • CWE-401: Missing Release of Memory after Effective Lifetime •