Page 795 of 4645 results (0.041 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds. Se ha encontrado un fallo de lectura fuera de límites en el módulo io_uring del kernel de Linux en la forma en que un usuario desencadena la función io_read() con algunos parámetros especiales. Este fallo permite a un usuario local leer alguna memoria fuera de límites • https://access.redhat.com/security/cve/CVE-2022-1508 https://bugzilla.redhat.com/show_bug.cgi?id=2075533 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110 https://ubuntu.com/security/CVE-2022-1508 • CWE-125: Out-of-bounds Read •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. Se encontró una condición de carrera en la forma en que el subsistema de memoria del kernel de Linux manejaba la ruptura de copia en escritura (COW) de las asignaciones de memoria compartida privada de sólo lectura. Este fallo permite a un usuario local no privilegiado conseguir acceso de escritura a las asignaciones de memoria de sólo lectura, aumentando sus privilegios en el sistema • https://github.com/hyeonjun17/CVE-2022-2590-analysis https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com https://www.openwall.com/lists/oss-security/2022/08/08/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Se ha encontrado un fallo en el KVM del kernel de Linux cuando es intentado establecer una IRQ SynIC. Este problema hace posible a un VMM que sea comportado inapropiadamente escribir en las MSR de SYNIC/STIMER, causando una desreferencia de puntero NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2069736 https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.openwall.com/lists/oss-security/2022/06/22/1 https://access.redhat.com/security& • CWE-476: NULL Pointer Dereference •

CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. Se ha encontrado una condición de carrera en el marco IP del kernel de Linux para la transformación de paquetes (subsistema XFRM) cuando son producidas simultáneamente varias llamadas a xfrm_probe_algs. Este fallo podría permitir a un atacante local desencadenar potencialmente una escritura fuera de límites o una pérdida de memoria de la pila del kernel al llevar a cabo una lectura fuera de límites y copiarla en un socket • https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. Se ha encontrado un fallo en la implementación de IO-URING en el kernel de Linux. Este fallo permite a un atacante con permiso de ejecución local crear una cadena de peticiones que puede causar un fallo de uso de memoria previamente liberada dentro del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=2092549 https://security.netapp.com/advisory/ntap-20230214-0005 • CWE-416: Use After Free •