Page 536 of 3605 results (0.024 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. Una vulnerabilidad de Use-After-Free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. Cuando nf_tables_delrule() vacía las reglas de la tabla, no se verifica si la cadena está vinculada y la regla del propietario de la cadena también puede liberar los objetos en determinadas circunstancias. Recomendamos actualizar al pasado commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-3777 https://bugzilla.redhat.com/show_bug.cgi?id=223 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2. Una vulnerabilidad de use-after-free en el netfilter del kernel de Linux: nf_tables componente puede ser explotado para lograr la escalada de privilegios locales. En un error al crear una regla nftables, desactivar expresiones inmediatas en nft_immediate_deactivate() puede llevar a desenlazar la cadena y los objetos se desactiven pero se usen más tarde. Recomendamos actualizar al commit anterior 0a771f7b266b02d262900c75f1e175c7fe76fec2. A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a771f7b266b02d262900c75f1e175c7fe76fec2 https://kernel.dance/0a771f7b266b02d262900c75f1e175c7fe76fec2 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-4015 https://bugzilla.redhat.com/show_bug.cgi?id=2237752 • CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0

A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak. • https://access.redhat.com/security/cve/CVE-2023-4611 https://bugzilla.redhat.com/show_bug.cgi?id=2227244 https://www.spinics.net/lists/stable-commits/msg310136.html • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak. • https://access.redhat.com/security/cve/CVE-2023-4569 https://bugzilla.redhat.com/show_bug.cgi?id=2235470 https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de https://www.debian.org/security/2023/dsa-5492 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. • https://access.redhat.com/errata/RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1367 https://access.redhat.com/errata/RHSA-2024:1382 https://access.redhat.com/errata/RHSA-2024:2006 https://access.redhat.com/errata/RHSA-2024:2008 https://access.redhat.com/security/cve/CVE-2023-4459 https://bugzilla.redhat.com/show_bug.cgi?id=2219268 https://github.com/torvalds/ • CWE-476: NULL Pointer Dereference •