Page 683 of 3924 results (0.027 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Se ha encontrado un fallo en el ksmbd del kernel de Linux, un servidor SMB de alto rendimiento integrado en el kernel. • https://access.redhat.com/security/cve/CVE-2023-32248 https://bugzilla.redhat.com/show_bug.cgi?id=2219818 https://security.netapp.com/advisory/ntap-20230915-0006 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479 • CWE-476: NULL Pointer Dereference •

CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32250 https://bugzilla.redhat.com/show_bug.cgi?id=2208849 https://security.netapp.com/advisory/ntap-20230824-0004 https://www.zerodayinitiative.com/advisories/ZDI-23-698 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. Se encontró una falla en el ksmbd del kernel de Linux, un servidor SMB de alto rendimiento en el kernel. • https://access.redhat.com/security/cve/CVE-2023-32257 https://bugzilla.redhat.com/show_bug.cgi?id=2219806 https://security.netapp.com/advisory/ntap-20230915-0011 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •

CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 A vulnerability was found in copy_from_user in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "access_ok" sanity check and pass a kernel pointer to copy_from_user(), resulting in kernel data leaking. • https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47 https://access.redhat.com/security/cve/CVE-2023-0459 https://bugzilla.redhat.com/show_bug.cgi?id=2216383 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-763: Release of Invalid Pointer or Reference •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230622-0010 https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e https://www.debian.org/security/2023/dsa-5448 https://www.debian.org/security/2023/dsa-5480 https://access.redhat.com/security/cve/CVE-2023-2124 https&# • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •