Lucene search
K

58 matches found

Cvelist
Cvelist
added 2024/05/17 11:50 a.m.28 views

CVE-2024-27413 efi/capsule-loader: fix incorrect allocation size

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

6.5AI score0.00244EPSS
Exploits0References8
OSV
OSV
added 2024/05/17 11:50 a.m.21 views

CVE-2024-27413 efi/capsule-loader: fix incorrect allocation size

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

5.5CVSS5.9AI score0.00244EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2024/05/17 11:50 a.m.35 views

CVE-2024-27413 efi/capsule-loader: fix incorrect allocation size

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

6.8AI score0.00244EPSS
Exploits0References8
CVE
CVE
added 2024/05/17 11:50 a.m.146 views

CVE-2024-27413

CVE-2024-27413 is a Linux kernel vulnerability affecting the EFI capsule loader. The defect occurs in drivers/firmware/efi/capsule-loader.c during efi_capsule_open, where an allocation uses sizeof(void*) for a phys_addr_t on 32-bit builds, leading to insufficient allocation size (4 bytes vs 8). T...

5.5CVSS6.7AI score0.00244EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2024/05/17 11:50 a.m.21 views

CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

5.5CVSS7.3AI score0.00244EPSS
Exploits0
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect memory allocation in the efi/capsule-loader module...

5.5CVSS6.4AI score0.00244EPSS
Exploits0References10
OSV
OSV
added 2023/05/10 3:11 p.m.10 views

USN-6071-1 linux-oem-5.17 vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

7.8CVSS6.8AI score0.0788EPSS
Exploits18References13
Ubuntu
Ubuntu
added 2023/05/10 3:11 p.m.86 views

USN-6071-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

7.8CVSS7.2AI score0.0788EPSS
Exploits18
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.2 views

SUSE CVE-2022-40307

An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free...

6.7CVSS6.5AI score0.00199EPSS
Exploits0References13
OSV
OSV
added 2023/01/19 8:7 p.m.14 views

USN-5815-1 linux-bluefield vulnerabilities

It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-20421 David Leadbeater...

7.8CVSS7AI score0.01429EPSS
Exploits3References12
Ubuntu
Ubuntu
added 2023/01/10 9:58 p.m.85 views

USN-5793-3: Linux kernel vulnerabilities

It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3910 ...

7.8CVSS7AI score0.01429EPSS
Exploits5
OSV
OSV
added 2023/01/10 8:10 p.m.15 views

USN-5791-3 linux-azure-5.4, linux-azure-fde vulnerabilities

It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-20421 David Leadbeater...

7.8CVSS7AI score0.01429EPSS
Exploits3References12
Ubuntu
Ubuntu
added 2023/01/09 8:51 p.m.89 views

USN-5791-2: Linux kernel (Azure) vulnerabilities

It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-20421 David Leadbeater...

7.8CVSS7.2AI score0.01429EPSS
Exploits3
Ubuntu
Ubuntu
added 2023/01/09 8:8 p.m.95 views

USN-5792-2: Linux kernel vulnerabilities

Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization SEV. A local attacker could possibly use this to cause a denial of service host system crash. CVE-2022-0171 It was discovered th...

7.8CVSS7.2AI score0.01429EPSS
Exploits3
OpenVAS
OpenVAS
added 2023/01/09 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-5790-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7AI score0.00645EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/01/07 12:0 a.m.56 views

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5792-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5792-1 advisory. Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secu...

7.8CVSS7.2AI score0.01429EPSS
Exploits3References14
Ubuntu
Ubuntu
added 2023/01/06 10:52 p.m.105 views

USN-5793-1: Linux kernel vulnerabilities

It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3910 ...

7.8CVSS7AI score0.01429EPSS
Exploits5
Ubuntu
Ubuntu
added 2023/01/06 10:24 p.m.133 views

USN-5792-1: Linux kernel vulnerabilities

Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization SEV. A local attacker could possibly use this to cause a denial of service host system crash. CVE-2022-0171 It was discovered th...

7.8CVSS7.2AI score0.01429EPSS
Exploits3
Debian
Debian
added 2022/10/18 9:6 p.m.53 views

[SECURITY] [DSA 5257-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5257-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2022 https://www.debian.org/security/faq -...

8.8CVSS8.8AI score0.03763EPSS
Exploits10
OSV
OSV
added 2022/10/02 1:45 p.m.6 views

GSD-2022-1006450 efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in eficapsulewrite This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.293 by commit...

7.3AI score
Exploits0
Rows per page
Query Builder