Page 753 of 4633 results (0.041 seconds)

CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. A use-after-free flaw was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component in the Linux Kernel. This issue could allow an attacker to leak kernel internal information. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://www.spinics.net/lists/linux-scsi/msg181542.html https://access.redhat.com/security/cve/CVE-2023-2162 https://bugzilla.redhat.com/show_bug.cgi?id=2187773 • CWE-416: Use After Free •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. • https://bugzilla.suse.com/show_bug.cgi?id=1210329 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06615d11cc78162dfd5116efb71f29eb29502d37 https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DPT I2O Controller driver. • https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0011 https://www.debian.org/security/2023/dsa-5480 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-667: Improper Locking •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of RxRPC bundles. • https://bugzilla.redhat.com/show_bug.cgi?id=2189112 https://github.com/torvalds/linux/commit/3bcd6c7eaa53 https://security.netapp.com/advisory/ntap-20230609-0004 https://www.zerodayinitiative.com/advisories/ZDI-23-439 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 1

A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. A flaw was found in the Linux kernel's udmabuf device driver, within a fault handler. • https://github.com/bluefrostsecurity/CVE-2023-2008 https://bugzilla.redhat.com/show_bug.cgi?id=2186862 https://github.com/torvalds/linux/commit/05b252cccb2e5c3f56119d25de684b4f810ba4 https://security.netapp.com/advisory/ntap-20230517-0007 https://www.zerodayinitiative.com/advisories/ZDI-23-441 https://access.redhat.com/security/cve/CVE-2023-2008 • CWE-129: Improper Validation of Array Index •