Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240925-01
HistorySep 25, 2024 - 12:00 a.m.

ROS-20240925-01

2024-09-2500:00:00
redos.red-soft.ru
1
linux kernel
null pointer dereferencing
internal ap function
memory barrier
refcount memory leak
nested virtualization
denial of service

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

JSON

A vulnerability in the max3100 component of the Linux kernel is related to NULL pointer dereferencing.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability in the af_alg component of the Linux kernel is related to NULL pointer dereferencing.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability in the s390/ap component of the Linux kernel is related to a failure in the internal AP function
modify_bitmap(). Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability of the kvm_set_cpuid function of the include/linux/slab.h library of the KVM virtualization subsystem of the kernel of the Linux operating system is related to incorrect release of the AP function modify_bitmap().
of the Linux operating system is related to improper freeing of the kvm_cpuid_entry2 array. Exploitation
of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the tls component of the Linux operating system kernel is related to a missing memory barrier in the
tls_init. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the stm32 component of the Linux operating system kernel is related to a refcount memory leak in the
stm32_usbphyc_pll_enable(). Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the dpu component of the Linux operating system kernel is related to an invalid parameter check in the
dpu_setup_dspp_pcc(). Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the arch/x86/kvm/x86.c, lapic_shutdown components of the Kernel-based Virtual Machine (KVM) virtualization subsystem
Machine (KVM) subsystem of the Linux kernel is related to disabling the tsc-deadline mode and performing a
reboot in the guest system. Exploitation of the vulnerability could allow an attacker to cause a denial of
denial of service

Vulnerability of smc_setsockopt function of Linux kernel is related to null pointer dereferencing.
pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the kstrdup() function of the Linux operating system kernel is related to a memory leak in kstrdup().
Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability of the QueryVariableInfo function of the efi component of the Linux kernel is related to
lack of initialization. Exploitation of the vulnerability could allow an attacker to cause a denial of
denial of service

Vulnerability of the vmx_enter_smm function of the arch/x86/kvm/vmx/vmx.c file of the KVM virtualization subsystem of the kernel of the
of Linux operating system is related to forced exit from a nested virtualization operation during SMM state switching.
SMM state switching. Exploitation allowing an intruder to cause a denial of service

Vulnerability of the test_bpf function of the powerpc64 component of the Linux operating system kernel is related to the restriction of the
use of dbrx for ISA version 2.06 compliant processors. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
Allow an attacker to cause a denial of service

Vulnerability in the drm/vc4 component of the Linux kernel is related to interlocking on DSI device attachment error.
on DSI device attachment error. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
denial of service

Vulnerability in the mctp_route_input() function in the net/mctp/route.c module of the Management protocol implementation
Component Transport Protocol (MCTP) implementation of the Linux kernel is related to the reuse of previously freed memory.
of previously freed memory. Exploitation of the vulnerability could allow an attacker to impact the
confidentiality, integrity and availability of protected information

A vulnerability in the vt_ioctl component of the Linux operating system kernel is related to integer overflow.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the net/9p component of the net/9p kernel of the Linux operating system is related to improper initialization.
Exploitation of the vulnerability may allow to cause a denial of service

Vulnerability in the tproxy component of the Linux kernel is related to the absence of a disabled IP syzbotxy on the device.
IP syzbot disabled on the device. Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability in the hfi1 component of the Linux kernel is related to a panic condition on a larger ipoib send_queue.
ipoib send_queue_size. Exploitation of the vulnerability may allow an attacker to cause a denial of service

Vulnerability in the drm/amdgpu component of the Linux kernel is related to interlocking on a DSI device attachment error.
on DSI device attachment error. Exploitation of the vulnerability could allow an attacker to impact the
System confidentiality and availability

Vulnerability in the nci component of the Linux kernel is related to the use of an uninitialized resource.
resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability of ocelot_vlan_del() function in drivers/net/ethernet/mscc/ocelot.c module of Microsemi network adapter driver in Linux kernel is related to an uninitialized resource.
Microsemi network adapter driver module of the Linux kernel is related to the reuse of previously freed memory.
of previously freed memory. Exploitation of the vulnerability could allow an attacker to impact the
confidentiality, integrity and availability of protected information

A vulnerability in the msm component of the Linux kernel is associated with an invalid parameter check in the
msm_dsi_phy_enable(). Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability in Linux kernel component lgdt3306a is related to NULL pointer dereferencing.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability in the hwmon component of the Linux kernel is related to NULL pointer dereferencing.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the block component of the Linux kernel is related to a memory release error.
Exploitation of the vulnerability may allow an attacker to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64kernel-lt< 6.1.94-1UNKNOWN

Related

nvd 23
debiancve 21
osv 43
cvelist 21
ubuntucve 24
vulnrichment 21
cve 24
redhatcve 22
nvd
nvd
CVE-2022-48782
2024-07-16 12:15:03
CVE-2022-48779
2024-07-16 12:15:03
CVE-2022-48781
2024-07-16 12:15:03
debiancve
debiancve
CVE-2022-48779
2024-07-16 12:15:03
CVE-2022-48750
2024-06-20 12:15:13
CVE-2022-48764
2024-06-20 12:15:14
osv
osv
CVE-2022-48750
2024-06-20 12:15:13
CVE-2022-48779
2024-07-16 12:15:03
UBUNTU-CVE-2022-48782
2024-07-16 12:15:00
cvelist
cvelist
CVE-2022-48750 hwmon: (nct6775) Fix crash in clear_caseopen
2024-06-20 11:13:31
CVE-2022-48781 crypto: af_alg - get rid of alg_memory_allocated
2024-07-16 11:13:18
CVE-2022-48764 KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}
2024-06-20 11:13:41
ubuntucve
ubuntucve
CVE-2022-48779
2024-07-16 00:00:00
CVE-2022-48764
2024-06-20 00:00:00
CVE-2022-48750
2024-06-20 00:00:00
vulnrichment
vulnrichment
CVE-2022-48779 net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()
2024-07-16 11:13:17
CVE-2022-48764 KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}
2024-06-20 11:13:41
CVE-2022-48781 crypto: af_alg - get rid of alg_memory_allocated
2024-07-16 11:13:18
cve
cve
CVE-2022-48750
2024-06-20 12:15:13
CVE-2022-48781
2024-07-16 12:15:03
CVE-2022-48764
2024-06-20 12:15:14
redhatcve
redhatcve
CVE-2022-48750
2024-06-20 13:56:57
CVE-2022-48763
2024-06-20 14:53:59
CVE-2022-48764
2024-06-20 14:26:37

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

JSON
Related for ROS-20240925-01
nvd23debiancve21osv43cvelist21ubuntucve24vulnrichment21cve24redhatcve22