Lucene search
K

191 matches found

OSV
OSV
added 2025/02/26 2:11 a.m.10 views

CVE-2022-49390 macsec: fix UAF bug for real_dev

In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev Create a new macsec device but not get reference to realdev. That can not ensure that realdev is freed after macsec. That will trigger the UAF bug for realdev as following:...

7.8CVSS5.3AI score0.00256EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that stems from a macsec device not obtaining a reference to realdev, which can be exploited by an attacker to cau...

7.8CVSS5.4AI score0.00256EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/01/28 12:0 a.m.63 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20066)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20066 advisory. - NFSD: Limit the number of concurrent async COPY operations Chuck Lever Orabug: 37516381 CVE-2024-49974 - NFSD: Async COPY result needs to return...

7.8CVSS7.2AI score0.00274EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/12/11 12:0 a.m.4 views

The vulnerability of the Linux operating system’s kernel’s macsec component, which allows a hacker to cause a service failure

The vulnerability of the Linux operating system’s macsec kernel component is related to the lack of memory release after the effective lifespan of the component. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS5.7AI score0.00223EPSS
Exploits0References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.6 views

The vulnerability of the macsec_free_netdev() function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the macsecfreenetdev function in the drivers/net/macsec.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

7.8CVSS6.8AI score0.0022EPSS
Exploits0References15Affected Software5
RedhatCVE
RedhatCVE
added 2024/11/21 7:15 p.m.12 views

CVE-2024-50261

A use-after-free vulnerability was found in the Linux kernel. The metadatadst, which is used to store the SCI value for macsec offload, is freed by metadatadstfree in macsecfreenetdev, while the driver still uses it to send the packet. Mitigation Mitigation for this issue is either not available ...

6.1CVSS7.4AI score0.0022EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/11/10 3:48 a.m.1 views

SUSE CVE-2024-50261

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

6.4CVSS7.7AI score0.0022EPSS
Exploits0References19
OSV
OSV
added 2024/11/09 11:15 a.m.1 views

DEBIAN-CVE-2024-50261

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

7.8CVSS6AI score0.0022EPSS
Exploits0References1
OSV
OSV
added 2024/11/09 11:15 a.m.7 views

AZL-53379 CVE-2024-50261 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

7.8CVSS6.8AI score0.0022EPSS
Exploits0References1
NVD
NVD
added 2024/11/09 11:15 a.m.13 views

CVE-2024-50261

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

7.8CVSS0.0022EPSS
Exploits0References5
OSV
OSV
added 2024/11/09 11:15 a.m.8 views

UBUNTU-CVE-2024-50261

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

7.8CVSS6.5AI score0.0022EPSS
Exploits0References19
Debian CVE
Debian CVE
added 2024/11/09 10:15 a.m.11 views

CVE-2024-50261

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

7.8CVSS6AI score0.0022EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/11/09 10:15 a.m.13 views

CVE-2024-50261 macsec: Fix use-after-free while sending the offloading packet

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

6.4AI score0.0022EPSS
Exploits0References4
OSV
OSV
added 2024/11/09 10:15 a.m.10 views

CVE-2024-50261 macsec: Fix use-after-free while sending the offloading packet

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

7.8CVSS6.1AI score0.0022EPSS
Exploits0References8
CVE
CVE
added 2024/11/09 10:15 a.m.159 views

CVE-2024-50261

Mode C CVE-2024-50261 (macsec use-after-free) affects the Linux kernel’s macsec offload path. The issue stems from metadata_dst being freed prematurely in macsec_free_netdev() while a packet is still using it. The fix replaces metadata_dst freeing with dst_release() so that metadata_dst is not fr...

7.8CVSS6.6AI score0.0022EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/11/09 10:15 a.m.22 views

CVE-2024-50261 macsec: Fix use-after-free while sending the offloading packet

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

0.0022EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/08/22 3:29 a.m.3 views

SUSE CVE-2022-48882

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...

5.5CVSS6.2AI score0.00205EPSS
Exploits0References6
OSV
OSV
added 2024/08/21 7:15 a.m.1 views

UBUNTU-CVE-2022-48882

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...

5.5CVSS5.9AI score0.00205EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/08/21 7:15 a.m.17 views

CVE-2022-48882

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...

5.5CVSS5.9AI score0.00205EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/08/21 6:10 a.m.18 views

CVE-2022-48882

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...

5.5CVSS5.3AI score0.00205EPSS
Exploits0
Rows per page
Query Builder