PT-2023-9451 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free bug has been identified in the gadgetfs driver of the Linux kernel, involving processes concurrently mounting and unmounting the gadgetfs filesystem. The bug occurs wh...

The vulnerability of the binder.c component in the Linux operating system’s kernel allows a hacker to increase their privileges.

The vulnerability of the binder.c component in Linux operating systems is related to errors during multi-threaded tasks race conditions. Exploiting this vulnerability can allow an attacker to gain increased privileges...

Race Condition

github.com/kubernetes-sigs/aws-efs-csi-driver is vulnerable to race conditions. An attacker is able to trigger a race condition during concurrent TLS mounts because concurrent mount operations may allocate the same local port, leading to either failed mount operations or an inappropriate mapping ...

CVE-2022-46174

A potential race condition issue exists within the Amazon EFS mount helper in efs-utils and aws-efs-csi-driver when using TLS to mount file systems. The mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent...

efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts

Impact A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below, and aws-efs-csi-driver versions v1.4.7 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior t...

Amazon efs-utils 竞争条件问题漏洞

Amazon efs-utils is an EFS tool for Amazon by Amazon.com. A competing conditions vulnerability exists in Amazon efs-utils prior to v1.34.4, which stems from a potential competing conditions issue where concurrent mount operations may allocate the same local port, resulting in a failed mount...

HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source cod...

ASB-A-253333208

When the function is called by multiple threads at the same time, it causes the code logic to change...

Binary Vulnerability in Pbzip2

PBZIP2 is a concurrent compression program. A binary vulnerability exists in Pbzip2 that can be exploited by an attacker to cause a denial of service attack...

Pbzip2 has a binary vulnerability (CNVD-2022-88832)

PBZIP2 is a concurrent compression program. A binary vulnerability exists in Pbzip2 that can be exploited by an attacker to obtain sensitive information...

kernel: race condition in snd_pcm_hw_free leading to use-after-free

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hwparams. The hwfree ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges ...

kernel: race condition in snd_pcm_hw_free leading to use-after-free

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hwparams. The hwfree ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges ...

DEBIAN-CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...

CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...

Code injection

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...

CVE-2022-22677

CVE-2022-22677 describes a logic issue in the handling of concurrent media (WebKit/WebRTC) that could interrupt video self-preview when a phone call is answered. Affected software is Apple platforms implementing WebKit/WebRTC (notably macOS Monterey and iOS/iPadOS in the 12.4/15.5 family). The ro...

CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...

CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...

Race condition

A vulnerability regarding concurrent execution using shared resource with improper synchronization 'Race Condition' is found in the session processing functionality of Out-of-Band OOB Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following...

CVE-2022-27626

A vulnerability regarding concurrent execution using shared resource with improper synchronization 'Race Condition' is found in the session processing functionality of Out-of-Band OOB Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following...