Page 680 of 4313 results (0.010 seconds)

CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-33952 https://bugzilla.redhat.com/show_bug.cgi?id=2218212 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292 • CWE-415: Double Free •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32252 https://bugzilla.redhat.com/show_bug.cgi?id=2219815 https://security.netapp.com/advisory/ntap-20231124-0001 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590 • CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32254 https://bugzilla.redhat.com/show_bug.cgi?id=2191658 https://security.netapp.com/advisory/ntap-20230824-0004 https://www.zerodayinitiative.com/advisories/ZDI-23-702 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0

An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-2860 https://bugzilla.redhat.com/show_bug.cgi?id=2218122 https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Se encontró una falla en el ksmbd del kernel de Linux, un servidor SMB de alto rendimiento en el kernel. • https://access.redhat.com/security/cve/CVE-2023-32247 https://bugzilla.redhat.com/show_bug.cgi?id=2219803 https://security.netapp.com/advisory/ntap-20230915-0011 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478 • CWE-401: Missing Release of Memory after Effective Lifetime •