Page 585 of 3437 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0

CVE-2021-3760

https://notcve.org/view.php?id=CVE-2021-3760

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. Se ha encontrado un fallo en el kernel de Linux. Una vulnerabilidad de uso de memoria previamente liberada en la pila NFC puede conllevar a una amenaza a la confidencialidad, integridad y disponibilidad del sistema • https://bugzilla.redhat.com/show_bug.cgi?id=2000585 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20220318-0007 https://www.debian.org/security/2022/dsa-5096 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2021-43389 – kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c

https://notcve.org/view.php?id=CVE-2021-43389

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.14.15. Se presenta un fallo de índice de matriz fuera de límites en la función detach_capi_ctr en el archivo drivers/isdn/capi/kcapi.c An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service. • http://www.openwall.com/lists/oss-security/2021/11/05/1 https://bugzilla.redhat.com/show_bug.cgi?id=2013180 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48 • CWE-125: Out-of-bounds Read •

CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-27820 – kernel: use-after-free in nouveau kernel module

https://notcve.org/view.php?id=CVE-2020-27820

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). Se ha encontrado una vulnerabilidad en el kernel de Linux, en la que un uso de memoria previamente liberada en el manejador postclose() de nouveau podría ocurrir si se quita el dispositivo (que no es común quitar la tarjeta de vídeo físicamente sin apagar, pero lo mismo ocurre si se "desvincula" el controlador) • https://bugzilla.redhat.com/show_bug.cgi?id=1901726 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-27820 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com https://lore.kernel.org • CWE-416: Use After Free •

CVSS: 9.8EPSS: 4%CPEs: 18EXPL: 3

CVE-2021-43267 – kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type

https://notcve.org/view.php?id=CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. Se ha detectado un problema en el archivo net/tipc/crypto.c en el kernel de Linux versiones anteriores a 5.14.16. La funcionalidad Transparent Inter-Process Communication (TIPC) permite a atacantes remotos explotar una comprobación insuficiente de los tamaños suministrados por el usuario para el tipo de mensaje MSG_CRYPTO A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system. • https://github.com/zzhacked/CVE-2021-43267 https://github.com/DarkSprings/CVE-2021-43267-POC http://www.openwall.com/lists/oss-security/2022/02/10/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16 https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message&# • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-43056 – kernel: ppc: kvm: allows a malicious KVM guest to crash the host

https://notcve.org/view.php?id=CVE-2021-43056

An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. Se ha detectado un problema en el kernel de Linux para powerpc versiones anteriores a 5.14.15. Permite que un invitado KVM malicioso bloquee el host, cuando éste es ejecutado en Power8, debido a un error de implementación de arch/powerpc/kvm/book3s_hv_rmhandlers.S en el manejo de los valores del registro SRR1 A denial of service problem was found in the Linux kernel's Kernel-based Virtual Machine (KVM) specific to PowerPC. In this flaw, a user with local access can confuse the host offline code, causing the guest to crash. • http://www.openwall.com/lists/oss-security/2021/10/28/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15 https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-252: Unchecked Return Value •