Lucene search
K

6095 matches found

UbuntuCve
UbuntuCve
added 2024/02/23 12:0 a.m.36 views

CVE-2023-52456

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TXEN pin. When the TTY port is closed in the middle of a...

5.5CVSS6.2AI score0.00175EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2024/02/23 12:0 a.m.43 views

CVE-2023-52464

In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat: drivers/edac/thunderxedac.c: In function 'thunderxocxcomthreadedisr':...

7.8CVSS6.3AI score0.00266EPSS
Exploits0References24
NVD
NVD
added 2024/02/22 5:15 p.m.23 views

CVE-2023-52447

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr decreases the...

6.7CVSS7.5AI score0.00248EPSS
Exploits0References8
Prion
Prion
added 2024/02/22 5:15 p.m.27 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2contextthreadfunc function, which may call pvr2contextdestroy and thus call kfree on the context object. However...

4.3CVSS7AI score0.00246EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/02/22 4:21 p.m.30 views

CVE-2024-26591 bpf: Fix re-attachment branch in bpf_tracing_prog_attach

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpftracingprogattach The following case can cause a crash due to missing attachbtf: 1 load rawtp program 2 load fentry program with rawtp as targetfd 3 create tracing link for fentry program with...

6.2AI score0.00231EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/02/22 4:21 p.m.23 views

CVE-2023-52448 gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2rgrpdump Syzkaller has reported a NULL pointer dereference when accessing rgd-rdrgl in gfs2rgrpdump. This can happen when creating rgd-rdgl fails in readrindexentry. Add a NULL...

6.2AI score0.00246EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/02/22 4:13 p.m.30 views

CVE-2024-26586 mlxsw: spectrum_acl_tcam: Fix stack corruption

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a...

7.2AI score0.00249EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/02/22 12:0 a.m.31 views

CVE-2024-26591

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpftracingprogattach The following case can cause a crash due to missing attachbtf: 1 load rawtp program 2 load fentry program with rawtp as targetfd 3 create tracing link for fentry program with...

5.5CVSS6.4AI score0.00231EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2024/02/22 12:0 a.m.56 views

CVE-2024-26589

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, checkflowkeysaccess only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not...

7.8CVSS6.3AI score0.00239EPSS
Exploits0References13
Prion
Prion
added 2024/02/21 11:15 p.m.20 views

Hardcoded credentials

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...

5CVSS7.5AI score0.00926EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/21 10:21 p.m.29 views

CVE-2024-26147 Helm's Missing YAML Content Leads To Panic

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...

7.5CVSS7.7AI score0.00926EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/02/21 3:15 p.m.45 views

CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

7.8CVSS6.3AI score0.00256EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2024/02/21 3:15 p.m.36 views

CVE-2024-26585

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the work before calling...

4.7CVSS6.3AI score0.0019EPSS
Exploits0References25
Prion
Prion
added 2024/02/21 3:15 p.m.35 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...

7.6AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/21 2:59 p.m.33 views

CVE-2024-26584 net: tls: handle backlogging of crypto requests

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...

6.4AI score0.00246EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/02/21 2:59 p.m.58 views

CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

7.8CVSS7.5AI score0.00256EPSS
Exploits0
Cvelist
Cvelist
added 2024/02/21 7:21 a.m.18 views

CVE-2023-52441 ksmbd: fix out of bounds in init_smb2_rsp_hdr()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in initsmb2rsphdr If client send smb2 negotiate request and then send smb1 negotiate request, initsmb2rsphdr is called for smb1 negotiate request since needneg is set to false. This patch ignore smb1...

8.7AI score0.00378EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/21 7:21 a.m.20 views

CVE-2023-52440 ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbddecodentlmsspauthblob If authblob-SessionKey.Length is bigger than session key sizeCIFSKEYSIZE, slub overflow can happen in key exchange codes. cifsarc4crypt copy to session key array from...

7.1AI score0.36685EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2024/02/20 9:15 p.m.30 views

CVE-2023-52436

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed...

7.8CVSS6.3AI score0.00302EPSS
Exploits0References22
Debian CVE
Debian CVE
added 2024/02/20 6:34 p.m.33 views

CVE-2023-52439

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uioopen core-1 core-2 ------------------------------------------------------- uiounregisterdevice uioopen idev = idrfind deviceunregister&idev-dev putdevice&idev-dev uiodevicerelease getdevice&idev-dev...

7.8CVSS6.8AI score0.00299EPSS
Exploits0
Rows per page
Query Builder