Page 620 of 3468 results (0.020 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. • http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html https://patchwork.kernel.org/project/linux-fsdevel/patch/87iltzn3nd.fsf_-_%40email.froward.int.ebiederm.org https://access.redhat.com/security/cve/CVE-2023-1249 https://bugzilla.redhat.com/show_bug.cgi?id=2169719 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54e45702b648b7c0000e90b3e9b890e367e16ea8 https://security.netapp.com/advisory/ntap-20230505-0003 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4f1dc7d9756e66f3f876839ea174df2e656b7f79 https://security.netapp.com/advisory/ntap-20230505-0002 •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=467333af2f7b95eeaa61a5b5369a80063cd971fd https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3?id=467333af2f7b95eeaa61a5b5369a80063cd971fd https://security.netapp.com/advisory/ntap-20230413-0006 • CWE-763: Release of Invalid Pointer or Reference •

CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). A use-after-free flaw was found in the do_tls_getsockopt function in net/tls/tls_main.c in the Transport Layer Security (TLS) in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://security.netapp.com/advisory/ntap-20230427-0006 https://access.redhat.com/security/cve/CVE-2023-28466 https://bugzilla.redhat.com/show_bug.cgi?id=2179000 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •