Page 705 of 4161 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.12.7, aplica límites incorrectos para operaciones aritméticas de puntero, también se conoce como CID-bb01a1bba579. Esto puede ser abusado para llevar a cabo lecturas y escrituras fuera de límites en la memoria del kernel, conllevando a una escalada local de privilegios a root. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LR3OKKPHIBGOMHN476CMLW2T7UG53QX https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 2

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Se encontró una vulnerabilidad en el kernel de Linux en la que el socket non-blocking en la función llcp_sock_connect() conduce a un filtrado de información y eventualmente bloquea el sistema • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS https://security.netapp.com/advisory/ntap-20210702-0008 https://www.openwall.com/lists/oss-security/2020 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 2

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el Kernel de Linux, donde un filtrado de refcount en la función llcp_sock_connect() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.or • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. El emparejamiento seguro de Bluetooth LE y BR/EDR en Bluetooth Core Specification versiones 2.1 hasta 5.2, puede permitir a un atacante de tipo man-in-the-middle cercano identificar el Passkey usada durante el emparejamiento (en el procedimiento de autenticación de Passkey) mediante el reflejo de la clave pública y la evidencia de autenticació del dispositivo de inicio, potencialmente permitiendo a este atacante completar el emparejamiento autenticado con el dispositivo que responde usando la contraseña correcta para la sesión de emparejamiento. La metodología de ataque determina el valor de la Clave un bit a la vez A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge. • https://kb.cert.org/vuls/id/799380 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ https://security.gentoo.org/glsa/202209-16 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security ht • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 1

The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. El block subsystem en el kernel de Linux versiones anteriores a 5.2 presenta un uso de la memoria previamente liberada que puede conllevar a una ejecución de código arbitrario en el contexto del kernel y una escalada de privilegios, también se conoce como CID-c3e2219216c9. Esto está relacionado con las funciones blk_mq_free_rqs y blk_cleanup_queue • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3e2219216c92919a6bd1711f340f5faa98695e6 https://security.netapp.com/advisory/ntap-20210629-0006 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-blk_mq_free_rqs https://syzkaller.appspot.com/bug?id=36fe241584203cf394d44560a42e3430434f1213 • CWE-416: Use After Free •