204 matches found
UBUNTU-CVE-2023-32246
In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcubarrier in ksmbdserverexit racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcubarrier is not called at module unload time, so nothing prevents ksmbd from getting unloaded...
CVE-2023-23540
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges...
CVE-2023-23514
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges...
CVE-2022-32934
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution...
CVE-2022-29206
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is...
CVE-2021-29551
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixTriangularSolvehttps://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrixtriangularsolveopimpl.hL160-L240 fails to terminate kernel...
CVE-2020-8876
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2020-17402
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 47270. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
kernel: x86/hyperv: fix kexec crash due to VP assist page corruption
in cpuhpsetupstate a requisite condition of "hypervinitcpuhp 0" for the hyperv case will never be true, and then hvcpudie won't be called on all CPUs and the VP assist page will not be reset. This leads to corruption of the previous VP assist page and ultimately panic if the kexec kernel is using...
CVE-2025-1290
A race condition Use-After-Free vulnerability exists in the virtiotransportspaceupdate function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtiovsocksock structure during an AFVSOCK connect syscall can occur before a worker thread accesses it resulting in a...
CVE-2025-24228
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to execute arbitrary code with kernel privileges...
CVE-2025-0287 CVE-2025-0287
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation...
CVE-2022-2484
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs...
CVE-2024-5681
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver...
CLSA-2025-1737468474 kernel: Fix of 4 CVEs
media: edia: dvbdev: fix a use-after-free CVE-2024-27043 - btrfs: dev-replace: properly validate device names CVE-2024-26791 - KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memory CVE-2024-50115 - net/sched: stop qdisctreereducebacklog on TCHROOT CVE-2024-53057 - ipc/sem.c: bugfix for...
x86/hyperv: fix kexec crash due to VP assist page corruption
...
riscv: kexec: Avoid deadlock in kexec crash path
...
CVE-2024-5681
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver...
CVE-2024-5681
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver...
CVE-2024-5681
CVE-2024-5681 involves the Schneider Electric EcoStruxure Foxboro DCS product family, specifically the Foxboro.sys driver used by EcoStruxure Foxboro DCS Core Control Services. The issue arises from insufficient input validation in an IOCTL handling path, enabling a local attacker with user acces...