Lucene search
+L

226 matches found

Positive Technologies
Positive Technologies
added 2024/10/21 12:0 a.m.12 views

PT-2024-11866 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: The issue is related to the Linux kernel's NVMe component, specifically with the nvme mpath revalidate paths function in drivers/nvme/host/multipath.c and the nvme ns remove functi...

9.1CVSS6.6AI score0.03681EPSS
Exploits10References1696
Microsoft CVE
Microsoft CVE
added 2024/10/12 7:0 a.m.2 views

scsi: qla2xxx: validate nvme_local_port correctly

...

5.5CVSS6.6AI score0.00236EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.7 views

The vulnerability of the nvme_tcp_error_recovery_work() function in the Linux operating system’s NVMe driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the nvmetcperrorrecoverywork function in the drivers/nvme/host/tcp.c file of the Linux NVMe kernel driver is related to the reutilization of previously released memory due to concurrent access to resources race condition. Exploiting this vulnerability could allow an attacker ...

7.8CVSS6.8AI score0.00246EPSS
Exploits0References16Affected Software3
RedHat Linux
RedHat Linux
added 2024/09/24 12:40 a.m.4 views

kernel: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound UBSAN with byte size cells If a cell has 'nbits' equal to a multiple of BITSPERBYTE the logic p &= GENMASKcell-nbits%BITSPERBYTE - 1, 0; will become undefined behavior because nbits modulo BITSPERBYT...

7.8CVSS6.8AI score0.00221EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/11 1:10 a.m.12 views

kernel: nvme: avoid double free special payload

In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQFSPECIALLOAD when the request is cleaned...

7.8CVSS6.4AI score0.00248EPSS
Exploits0References5
OSV
OSV
added 2024/08/26 11:15 a.m.3 views

AZL-48689 CVE-2024-43913 affecting package kernel for versions less than 6.6.64.2-9

In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvmeuninitctrl after a successful nvmeinitctrl. Split the allocation side out to make the error handling boundary easier to navigate. The apple driver had been doing th...

5.5CVSS6.6AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2024/08/12 8:31 p.m.17 views

CLSA-2024-1723494706 Fix of 19 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-42068 - bpf: Take return from setmemoryro into account with bpfproglockro CVE-url: https://ubuntu.com/security/CVE-2024-42079 - gfs2: Fix NULL pointer dereference in gfs2logflush CVE-url: https://ubuntu.com/security/CVE-2024-42226 - usb: xhci: prevent...

7.8CVSS6.8AI score0.00284EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2024/08/10 7:0 a.m.2 views

nvme-rdma: fix possible use-after-free in transport error_recovery work

...

7.8CVSS6.8AI score0.00324EPSS
Exploits0
OSV
OSV
added 2024/07/29 4:15 p.m.7 views

AZL-48057 CVE-2024-41085 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxlnvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address:...

5.5CVSS6.3AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2024/07/29 3:15 p.m.3 views

UBUNTU-CVE-2024-41073

In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQFSPECIALLOAD when the request is cleaned...

7.8CVSS6.2AI score0.00248EPSS
Exploits0References31
OSV
OSV
added 2024/06/26 1:1 p.m.12 views

USN-6819-4 linux-oracle-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

7.8CVSS6.5AI score0.78388EPSS
Exploits2References150
RedHat Linux
RedHat Linux
added 2024/06/11 5:33 p.m.7 views

kernel: NULL pointer dereference in __nvmet_req_complete

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

7.5CVSS6.6AI score0.01537EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.5 views

Silicon Labs Gecko SDK Security Vulnerability

The Silicon Labs Gecko SDK GSDK is an open source library from Silicon Labs. Combines the Silicon Labs Wireless Software Development Kit SDK and the Gecko platform into one integrated package. A security vulnerability exists in the Silicon Labs Gecko SDK that stems from meshnodepoweroff's inabili...

5.6CVSS6.8AI score0.00267EPSS
Exploits0References3
OSV
OSV
added 2024/05/17 3:15 p.m.4 views

UBUNTU-CVE-2024-35848

In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the...

4.7CVSS6.1AI score0.00187EPSS
Exploits0References27
RedHat Linux
RedHat Linux
added 2024/04/30 9:57 a.m.10 views

kernel: NVMe: info leak due to out-of-bounds read in nvmet_ctrl_find_get

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer...

4.3CVSS7AI score0.01657EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.5 views

IEIT NF5280M6 安全漏洞

The IEIT NF5280M6 is a UEFI boot firmware from China Wave Information IEIT. A security vulnerability exists in the IEIT NF5280M6 version 8.4 and earlier, which stems from improper function usage and a pool overflow vulnerability that could lead to tampering of memory data by an attacker with acce...

7.7CVSS6.5AI score0.00198EPSS
Exploits0References3
OSV
OSV
added 2024/04/17 10:15 a.m.1 views

DEBIAN-CVE-2024-26846

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

4.4CVSS5.2AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/05 12:0 a.m.5 views

Lenovo ThinkStation 安全漏洞

Lenovo ThinkStation Lenovo Desktop Workstation is a desktop workstation from the Chinese company Lenovo. A security vulnerability exists in the BIOS of Lenovo Desktop, Smart Edge, and ThinkStation, which originates from a vulnerability that allows a local attacker with elevated privileges to writ...

6.7CVSS6.5AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2024/03/19 3:27 p.m.14 views

USN-6686-3 linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-22995 It was discovered that a race...

7.8CVSS6.9AI score0.01657EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.8 views

PT-2024-2539 · Lenovo · Lenovo Notebook

Name of the Vulnerable Software and Affected Versions: Lenovo Notebook products affected versions not specified Description: A potential memory leakage vulnerability was reported in some Lenovo Notebook products. This issue may allow a local attacker with elevated privileges to write to NVRAM...

6.7CVSS7.4AI score0.00179EPSS
Exploits0References6
Rows per page
Query Builder