Page 95 of 3715 results (0.015 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-0487

https://notcve.org/view.php?id=CVE-2022-0487

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en la función rtsx_usb_ms_drv_remove en el archivo drivers/memstick/host/rtsx_usb_ms.c en memstick en el kernel de Linux. En este fallo, un atacante local con un privilegio de usuario puede afectar a la confidencialidad del sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=2044561 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5095 https://www.debian.org/security/2022/dsa-5096 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2021-4093 – kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io

https://notcve.org/view.php?id=CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario. Se ha encontrado un fallo en el código de AMD de KVM para soportar la Virtualización Segura Encriptada-Estado Encriptado (SEV-ES). Un huésped de KVM que use SEV-ES puede desencadenar lecturas y escrituras fuera de límites en el núcleo anfitrión por medio de un VMGEXIT malicioso para una instrucción de E/S de cadena (por ejemplo, outs o ins) usando el motivo de salida SVM_EXIT_IOIO. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2222 https://bugzilla.redhat.com/show_bug.cgi?id=2028584 https://access.redhat.com/security/cve/CVE-2021-4093 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 7.9EPSS: 0%CPEs: 36EXPL: 1

CVE-2021-3752 – kernel: possible use-after-free in bluetooth module

https://notcve.org/view.php?id=CVE-2021-3752

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema Bluetooth del kernel de Linux en la forma en que las llamadas de usuario son conectadas al socket y son desconectadas simultáneamente debido a una condición de carrera. Este fallo permite a un usuario bloquear el sistema o escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1999544 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org https://security.netapp.com/advisory/ntap-20220318-0009 https://www.debian.org/security/2022/dsa-5096 https://www.openwall.com/lists/oss-security/2021/09/15/4 https://www.oracle.com/security-alerts/cpujul2022.html https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-3716 – nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS

https://notcve.org/view.php?id=CVE-2021-3716

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en nbdkit debido al almacenamiento inapropiado en caché del estado de texto plano a través del límite de cifrado STARTTLS. Un atacante de tipo MitM podría usar este fallo para inyectar un texto plano NBD_OPT_STRUCTURED_REPLY antes de hacer proxy todo lo demás que un cliente envía al servidor, lo que podría conllevar a que el cliente termine la sesión NBD. • https://bugzilla.redhat.com/show_bug.cgi?id=1994695 https://gitlab.com/nbdkit/nbdkit/-/commit/09a13dafb7bb3a38ab52eb5501cba786365ba7fd https://gitlab.com/nbdkit/nbdkit/-/commit/6c5faac6a37077cf2366388a80862bb00616d0d8 https://listman.redhat.com/archives/libguestfs/2021-August/msg00083.html https://www.openwall.com/lists/oss-security/2021/08/18/2 https://access.redhat.com/security/cve/CVE-2021-3716 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •

CVSS: 9.9EPSS: 18%CPEs: 42EXPL: 3

CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de Samba usa atributos de archivo extendidos (EA, xattr) para proporcionar "...compatibilidad mejorada con los clientes SMB de Apple e interoperabilidad con un servidor de archivos AFP de Netatalk 3". Samba versiones anteriores a 4.13.17, 4.14.12 y 4.15.5 con vfs_fruit configurado permiten una lectura y escritura fuera de límites de la pila por medio de atributos de archivo extendidos especialmente diseñados. • https://github.com/horizon3ai/CVE-2021-44142 https://github.com/gudyrmik/CVE-2021-44142 https://github.com/hrsman/Samba-CVE-2021-44142 https://bugzilla.samba.org/show_bug.cgi?id=14914 https://kb.cert.org/vuls/id/119678 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2021-44142.html https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin https://access.redhat&# • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •