The vulnerability of the dm1105_remove() function in the drivers/media/pci/dm1105/dm1105.c file of the TV Tuner driver on the DM1105 chip in the Linux operating system can be exploited by an attacker, thereby compromising the confidentiality, integrity, and availability of the protected information.
The vulnerability of the dm1105_remove function in the drivers/media/pci/dm1105/dm1105.c file of the TV Tuner driver on the DM1105 chip in the Linux operating system is related to the reuse of previously freed memory (use-after-free) due to concurrent access to resources. Exploiting this vulnerability coul...
The vulnerability of the ravb_remove() function in the drivers/net/ethernet/renesas/ravb_main.c file of the network device driver for the Linux operating system’s kernels allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the ravb_remove function in the drivers/net/ethernet/renesas/ravb_main.c file of the Renesas network device driver for the Linux operating system is related to the reuse of previously freed memory (use-after-free) due to concurrent access to resources. Exploiting this vulnerability coul...
kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events
The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...
The vulnerability of the r592_remove() function in the drivers/memstick/host/r592.c kernel module of the Linux operating system allows an attacker to compromise the confidentiality and availability of protected information.
The vulnerability of the r592_remove function in the drivers/memstick/host/r592.c kernel module of the Linux operating system is related to the use of previously freed memory due to concurrent access to resources (race condition). Exploiting this vulnerability could allow an attacker to compromise t...
The vulnerability of the f2fs_write_end_io() function in the fs/f2fs/data.c file of the Linux kernel’s file system f2fs allows a privileged attacker to cause a service failure.
The vulnerability of the f2fs_write_end_io function in the fs/f2fs/data.c file of the Linux operating system’s file system f2fs is related to a null pointer dereference caused by concurrent access to a resource (race condition). Exploiting this vulnerability could allow an attacker to cause service...
OESA-2023-1303 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement...
Linux kernel resource management error vulnerability (CNVD-2023-48540)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a resource management error vulnerability that stems from the incorrect handling of per-CPU sequence counts during concurrent iptables rule...
Double free
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an...
UBUNTU-CVE-2020-36694
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an...
The vulnerability of the Qualcomm Technologies EMAC Gigabit Ethernet Controller kernel in the Linux operating system, located in the emac_remove() function, allows an attacker to compromise the confidentiality, integrity, and availability of data.
The vulnerability of the Qualcomm Technologies EMAC Gigabit Ethernet Controller driver for the Linux operating system is related to concurrent access to resources due to incorrect synchronization in the emac_remove function within the drivers/net/ethernet/qualcomm/emac/emac.c module. Exploiting th...
kernel: dm cache: Fix UAF in destroy()
In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dm_cache also has the same UAF problem when dm_resume and dm_destroy are concurrent. Therefore, cancelling timer again in destroy...
kernel: dm thin: Fix UAF in run_timer_softirq()
In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq When dm_resume and dm_destroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...
kernel: dm integrity: Fix UAF in dm_integrity_dtr()
A use-after-free vulnerability was found in the Linux kernel's device mapper integrity subsystem. When dm_resume and dm_destroy execute concurrently, a timer may fire and access freed memory because dm_integrity_dtr did not properly cancel the timer before freeing resources. The fix adds an additiona...
kernel: drm/i915/reset: Fix error_state_read ptr + offset use
In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix error_state_read ptr + offset use Fix our pointer offset usage in error_state_read when there is no i915_gpu_coredump but buf offset is non-zero. This fixes a kernel page fault that can happen when multiple tests are...
PT-2023-24110 · Jenkins · Jenkins Pipeline: Job Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Job Plugin versions 1292.v27d8cc3e2602 and earlier Description: The Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site...
Race Condition
org.opensearch.plugin:opensearch-security is vulnerable to a Race Condition. Improper access authorization can occur from an exceedingly rare race condition in the application, which results in the failure to apply the fine-grained access control rules to queries. When the query cache eviction occurs...
kernel: memory leak in ipv6_renew_options()
A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6_ADDRFORM and IPV6_DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6_ADDRFORM type and other processe...
kernel: race condition in xfrm_probe_algs can lead to OOB read/write
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...