Lucene search

K
redosRedosROS-20240813-02
HistoryAug 13, 2024 - 12:00 a.m.

ROS-20240813-02

2024-08-1300:00:00
redos.red-soft.ru
9
linux kernel
null pointer dereferencing
buffer handling
memory utilization
memory access
denial of service
confidentiality
integrity
availability
smb protocol
mellanox nic driver
apparmor module

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

Vulnerability of nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c module of NVMe driver of Linux kernel is related to null pointer dereference.
of Linux operating system is related to null pointer dereferencing. Exploitation of the vulnerability could
allow an attacker to cause a denial of service

A vulnerability in the blkpg_do_ioctl() function in the block/ioctl.c module of the block device driver of the Linux kernel kernel is related to the lack of matching the size of the pointer with the size of the pointer.
Linux system is related to the lack of partition size and block size mismatch. Exploitation
exploitation of the vulnerability may allow an intruder to affect the integrity and availability of protected information.
information

Vulnerability of the i801_block_transaction_by_block() function in the drivers/i2c/busses/i2c-i801.c module of the I2C bus driver of the Linux operating system kernel is related to the incorrect I2C bus driver.
I2C bus driver of Linux operating system kernel is related to incorrect buffer handling. Exploitation
of the vulnerability could allow an attacker to cause a denial of service

Vulnerability of the ksmbd_tcp_new_connection() function of the fs/smb/server/transport_tcp.c module of the SMB (Server Message Block) network protocol implementation.
SMB (Server Message Block) protocol of the kernel ksmbd server of the kernel CIFS/SMB3 intranuclear CIFS/SMB3 server of the Linux operating system is related to memory utilization after its execution.
of Linux operating system kernel is related to memory utilization after memory freeing. Exploitation of the vulnerability could
allow an attacker to affect the confidentiality, integrity, and availability of protected
information

Vulnerability in the dlpar_memory_remove_by_index() function of the powerpc pseries memory management driver of the kernel of the
of Linux operating system is related to reading memory outside the allocated buffer. Exploitation
of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information.
availability of protected information

Vulnerability of the gfs2_rgrgrp_dump() function in the fs/gfs2/rgrp.c module of the gfs2 file system of the Linux operating system kernel is related to dereferencing of null memory outside the allocated buffer.
Linux kernel file system is related to null pointer dereferencing. Exploitation of the vulnerability could allow
an attacker to cause a denial of service

Vulnerability of bpf_map_put() function in kernel/bpf/syscall.c module of Linux operating system kernel is related to
memory usage after it is freed. Exploitation of the vulnerability could allow an attacker to have an impact
affect confidentiality, integrity and availability of protected information

Vulnerability of bpf_tracing_prog_attach() function in kernel/bpf/syscall.c module of Linux operating system kernel is related to dereferencing of null memory after its release.
Linux is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to
cause a denial of service

Vulnerability of unpack_profile() function in security/apparmor/policy_unpack.c module of security module
AppArmor module of the Linux kernel is related to null pointer dereferencing. Exploitation
the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the adjust_ptr_min_max_vals() function in the kernel/bpf/verifier.c module of the kernel of the Linux operating system
Linux is related to memory accesses outside the allocated buffer. Exploitation of the vulnerability could
allow an intruder to affect confidentiality and availability of protected information

Vulnerability of mlxsw_sp_acl_tcam_init() function in module
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c of the Mellanox NIC driver in the Linux kernel is associated with a buffer overflow.
of the Linux kernel is associated with a buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a
denial of service or other impact

Vulnerability in the 8250 serial interface driver of the Linux kernel is related to a buffer overflow.
memory usage after memory has been freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service or otherwise exploit the vulnerability.
denial of service or execute arbitrary code

Vulnerability in the implementation of the SMB (Server Message Block) network protocol of the in-core CIFS/SMB3 server
ksmbd server of the Linux kernel is related to incorrect processing of authentication tokens in the
smb2_sess_setup() function in the fs/smb/server/smb2pdu.c module. Exploitation of the vulnerability could allow an
an attacker to affect the confidentiality and availability of data

A vulnerability in the MTD driver of the Linux kernel is related to null pointer dereferencing in the
register_mtd_blktrans() and blktrans_notify_add() functions in the drivers/mtd/mtd_blkdevs.c module.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the f2fs_rename() function of the f2fs component of the Linux operating system kernel is related to the
The assert() function or a similar operator. Exploitation of the vulnerability could allow
an attacker to escalate privileges

Vulnerability of pvr2_context_disconnect() in drivers/media/usb/pvrusb2/pvrusb2-context.c module
of the Hauppauge WinTV-PVR USB2 driver of the Linux kernel is related to memory usage after its release.
after it has been freed. Exploitation of the vulnerability could allow an attacker to impact the
confidentiality, integrity and availability of protected information

Vulnerability of the imx_uart_stop_tx() function in the drivers/tty/serial/imx.c module of the serial device driver of the Motorolla IMX kernel operating system.
Motorolla IMX serial device driver module of the Linux operating system kernel is related to infinite loop. Exploitation of the
of the vulnerability could allow an attacker to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64kernel-lt< 6.1.94-1UNKNOWN

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low