Lucene search
+L

346 matches found

redhat
redhat
added 2024/10/16 12:36 a.m.8 views

kernel: kvm: Avoid potential UAF in LPI translation cache

A flaw was found in the Linux kernel pertaining to a potential use-after-free UAF scenario in a system involving Logical Partitioning Interrupts LPI translation cache operations. Specifically, the issue arises when a cache hit occurs concurrently with an operation that invalidates the cache, such...

7.8CVSS6.8AI score0.0024EPSS
Exploits0References5
mscve
mscve
added 2024/10/12 7:0 a.m.3 views

memcg: protect concurrent access to mem_cgroup_idr

...

4.7CVSS6.7AI score0.00229EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2024/10/07 12:0 a.m.7 views

The software for creating and running NVIDIA Container Toolkit containers, as well as the NVIDIA GPU Operator resource management software, is vulnerable. This vulnerability allows attackers to escalate their privileges or execute arbitrary code.

The vulnerability of software for creating and running NVIDIA Container Toolkit containers, as well as software for managing NVIDIA GPU resources, is related to the assignment of a zero pointer due to concurrent access to resources. Exploiting this vulnerability allows a malicious actor to enhanc...

9CVSS8.2AI score0.37055EPSS
Exploits2References4Affected Software3
bdu_fstec
bdu_fstec
added 2024/09/16 12:0 a.m.6 views

The vulnerability of the unix_release_sock/unix_stream_sendmsg function in the af_unix component of the Linux operating system allows a attacker to cause a service failure.

The vulnerability of the unixreleasesock/unixstreamsendmsg function in the afunix component is related to concurrent access to resources race condition. Exploiting this vulnerability could allow a attacker to cause service failures...

4.7CVSS6.7AI score0.00186EPSS
Exploits0References52Affected Software6
bdu_fstec
bdu_fstec
added 2024/09/09 12:0 a.m.6 views

The vulnerability of the signal handler in the sshd(8) program of the FreeBSD operating system allows a hacker to execute arbitrary code in the root context.

The vulnerability of the signal handler in the sshd8 program of the FreeBSD operating system is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root context...

8.1CVSS7.5AI score0.02038EPSS
Exploits0References4Affected Software1
osv
osv
added 2024/08/26 11:15 a.m.14 views

AZL-48662 CVE-2024-43892 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to memcgroupidr Commit 73f576c04b94 "mm: memcontrol: fix cgroup creation failure after many small jobs" decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It...

4.7CVSS6.4AI score0.00229EPSS
Exploits0References1
osv
osv
added 2024/08/26 11:15 a.m.13 views

UBUNTU-CVE-2024-43892

In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to memcgroupidr Commit 73f576c04b94 "mm: memcontrol: fix cgroup creation failure after many small jobs" decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It...

4.7CVSS6.2AI score0.00229EPSS
Exploits0References28
cve
cve
added 2024/08/26 10:10 a.m.207 views

CVE-2024-43892

The CVE-2024-43892 entry concerns a race in the Linux kernel memcg subsystem: concurrent idr_remove() calls for mem_cgroup_idr could race with idr_alloc()/idr_replace() and lead to multiple memcgs obtaining the same ID, which in turn can destabilize memcg-related structures and trigger crashes in...

4.7CVSS7.2AI score0.00229EPSS
Exploits0References8Affected Software1
cnnvd
cnnvd
added 2024/08/26 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unprotected concurrent access when accessing memcgroupidr, leading to a potentially competitive condition...

4.7CVSS6.6AI score0.00229EPSS
Exploits0References6
redhat
redhat
added 2024/08/13 10:53 a.m.4 views

kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge

CVE-2024-36000 addresses a synchronization issue in the Linux kernel's management of huge pages. The problem arises when multiple threads modify the reservation map concurrently without proper locking, leading to potential inconsistencies and system instability...

5.5CVSS7.3AI score0.00225EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2024/08/07 12:0 a.m.5 views

The vulnerability of the __dwc3_stop_active_transfer() function in the DesignWare USB3 driver for Linux operating systems allows a hacker to compromise the accessibility of protected information.

The vulnerability of the dwc3stopactivetransfer function in the drivers/usb/dwc3/gadget.c file of the DesignWare USB3 driver for the Linux operating system is related to concurrent access to resources race conditions. Exploiting this vulnerability could allow a attacker to compromise the...

4.6CVSS6.3AI score0.00212EPSS
Exploits0References21Affected Software6
bdu_fstec
bdu_fstec
added 2024/08/07 12:0 a.m.4 views

The vulnerability of the register_winch_irq() function in the User-Mode Linux (UML) subsystem of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the registerwinchirq function in the arch/um/drivers/line.c file of the User-Mode Linux subsystem driver for the Linux operating system is related to the reallocation of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow a...

5.5CVSS6.8AI score0.00233EPSS
Exploits0References25Affected Software4
bdu_fstec
bdu_fstec
added 2024/08/07 12:0 a.m.5 views

The vulnerability of the netpoll_owner_active() function in the Linux operating system allows a hacker to compromise the accessibility of protected information.

The vulnerability of the netpollowneractive function in the net/core/netpoll.c module of the Linux kernel is related to concurrent access to resources. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...

4.7CVSS6.4AI score0.0019EPSS
Exploits0References34Affected Software7
redhatcve
redhatcve
added 2024/07/31 9:15 a.m.23 views

CVE-2024-41088

An infinite loop flaw was found in the MCP251xfd CAN driver in Linux Kernel that occurs when mcp251xfdstartxmit fails. Failure to transmit a message can lead to the driver halting message processing and getting stuck in an endless loop, particularly when multiple devices shared the same SPI...

5.5CVSS6.1AI score0.00227EPSS
Exploits0References4
osv
osv
added 2024/07/29 4:15 p.m.6 views

UBUNTU-CVE-2024-41088

In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfdstartxmit function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running...

5.5CVSS6.3AI score0.00227EPSS
Exploits0References17
attackerkb
attackerkb
added 2024/07/12 1:15 p.m.4 views

CVE-2024-39500

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

4.7CVSS6.4AI score0.00197EPSS
Exploits0References6Affected Software1
osv
osv
added 2024/06/25 3:15 p.m.6 views

DEBIAN-CVE-2024-39293

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...

4.7CVSS6AI score0.00138EPSS
Exploits0References1
osv
osv
added 2024/06/25 3:15 p.m.7 views

UBUNTU-CVE-2024-39293

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...

4.7CVSS6.6AI score0.00138EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2024/06/17 12:0 a.m.5 views

The vulnerability of the queue_oob() function in socket implementations for kernels AF_UNIX in Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the queueoob function in the net/unix/afunix.c module, which is part of the AFUNIX socket implementation in Linux operating systems, relates to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability can allow an...

5.5CVSS6.4AI score0.0067EPSS
Exploits0References11Affected Software3
bdu_fstec
bdu_fstec
added 2024/06/14 12:0 a.m.7 views

The vulnerability of the msft_do_close() function in the Linux operating system’s Bluetooth kernel implementation allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the msftdoclose function in the net/bluetooth/msft.c module of the Linux operating system’s Bluetooth protocol implementation is related to the reallocation of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker...

6.4CVSS6.4AI score0.00212EPSS
Exploits0References15Affected Software4
Rows per page
Query Builder