Page 542 of 3605 results (0.039 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e12d7a46f65ae4b7d58a5e0c1cbfa825cf8 https://www.debian.org/security/2023/dsa-5492 • CWE-413: Improper Resource Locking CWE-667: Improper Locking •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. • https://github.com/TurtleARM/CVE-2023-3338-DECPwn https://access.redhat.com/security/cve/CVE-2023-3338 https://bugzilla.redhat.com/show_bug.cgi?id=2218618 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://seclists.org/oss-sec/2023/q2/276 https://security.netapp.com/advisory/ntap-20230824-0005 https://www.debian.org/security/2023/dsa-5480 • CWE-476: NULL Pointer Dereference •

CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. • https://bugzilla.redhat.com/show_bug.cgi?id=2175903 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230929-0006 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-1206 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. Se encontró una vulnerabilidad de use-after-free en el subsistema netfilter del kernel de Linux en net/netfilter/nf_tables_api.c. El manejo de errores mal manejado con NFT_MSG_NEWRULE permite usar un puntero colgante en la misma transacción que causa una vulnerabilidad de use-after-free. Esta falla permite que un atacante local con acceso de usuario cause un problema de escalada de privilegios. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97 https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97 https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230818-0004 https://www.debian.org/security/2023/dsa-5448 https&# • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). Una vulnerabilidad de use-after-free en el subsistema de io_uring del kernel de Linux puede ser explotada para lograr la escalada de privilegios locales. Ejecutar una solicitud de io_uring cancelar sondeo con un tiempo de espera vinculado puede provocar una UAF en un hrtimer. Recomendamos actualizar al commit anterior ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 para 5.10 stable y 0e388fce7aec40992eadee654193cad345d62663 para 5.15 stable). • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59 https://kernel.dance/0e388fce7aec40992eade • CWE-416: Use After Free •