Page 629 of 5055 results (0.018 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). Se descubrió un problema en el kernel de Linux hasta 5.16-rc6. ef100_update_stats en drivers/net/ethernet/sfc/ef100_nic.c carece de verificación del valor de retorno de kmalloc(). • https://bugzilla.redhat.com/show_bug.cgi?id=2153066 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=407ecd1bd726f240123f704620d46e285ff30dd9 https://access.redhat.com/security/cve/CVE-2022-3106 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). Los invitados pueden provocar un punto muerto en Linux netback driver T. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] • http://www.openwall.com/lists/oss-security/2022/12/08/2 http://www.openwall.com/lists/oss-security/2022/12/08/3 http://www.openwall.com/lists/oss-security/2022/12/09/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-424.txt • CWE-667: Improper Locking •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html http://www.openwall.com/lists/oss-security/2022/12/07/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-423.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). Los invitados pueden provocar un punto muerto en Linux netback driver T. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] • http://www.openwall.com/lists/oss-security/2022/12/08/2 http://www.openwall.com/lists/oss-security/2022/12/08/3 http://www.openwall.com/lists/oss-security/2022/12/09/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-424.txt • CWE-667: Improper Locking •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. Se encontró un fallo en el subsistema de control de tráfico (TC) del kernel de Linux. Usando una configuración de red específica (redireccionando paquetes de salida para ingresar usando la acción TC "mirred"), un usuario local sin privilegios podría desencadenar un bloqueo suave de la CPU (bloqueo ABBA) cuando el protocolo de transporte en uso (TCP o SCTP) realiza una retransmisión, lo que resulta en una condición de denegación de servicio. • https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com https://security.netapp.com/advisory/ntap-20230929-0001 https://www.debian.org/security/2023/dsa-5480 https://access.redhat.com/security/cve/CVE-2022-4269 https://bugzilla.redhat.com/show_bug.cgi?id=2150272 • CWE-833: Deadlock •