Lucene search
+L

59 matches found

CNNVD
CNNVD
added 2024/12/27 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a resource leak in the firmwareloader module...

5.5CVSS6.5AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2024/11/11 6:9 p.m.23 views

CLSA-2024-1731348593 kernel: Fix of 18 CVEs

mm: call the securitymmapfile LSM hook in remapfilepages CVE-2024-47745 - slip: make slhcremember more robust against malicious packets CVE-2024-50033 - drm/amdkfd: amdkfdfreegttmem clear the correct pointer CVE-2024-49991 - firmwareloader: Block path traversal CVE-2024-47742 - ext4: avoid OOB...

8.8CVSS6.9AI score0.00835EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2024/11/09 8:0 a.m.4 views

firmware_loader: Block path traversal

...

7.8CVSS7.2AI score0.00286EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/10/21 3:46 p.m.13 views

SUSE CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

6CVSS6.3AI score0.00286EPSS
Exploits0References20
NVD
NVD
added 2024/10/21 1:15 p.m.17 views

CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8CVSS0.00286EPSS
Exploits0References11
OSV
OSV
added 2024/10/21 1:15 p.m.2 views

DEBIAN-CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8CVSS6.3AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 1:15 p.m.12 views

AZL-50800 CVE-2024-47742 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8CVSS6.6AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 1:15 p.m.3 views

AZL-51027 CVE-2024-47742 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8CVSS6.6AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 1:15 p.m.3 views

UBUNTU-CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8CVSS6.5AI score0.00286EPSS
Exploits0References43
Cvelist
Cvelist
added 2024/10/21 12:14 p.m.25 views

CVE-2024-47742 firmware_loader: Block path traversal

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

0.00286EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2024/10/21 12:14 p.m.12 views

CVE-2024-47742 firmware_loader: Block path traversal

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

6.8AI score0.00286EPSS
Exploits0References9
CVE
CVE
added 2024/10/21 12:14 p.m.170 views

CVE-2024-47742

CVE-2024-47742 : Linux kernel firmware_loader path traversal vulnerability. Several code paths construct firmware filenames from device or userspace data (e.g., lpfc_sli4_request_firmware_update, nfp_net_fw_find, module_flash_fw_schedule). The issue arises when dynamic firmware names can include ...

7.8CVSS7.9AI score0.00286EPSS
Exploits0References11Affected Software1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.2 views

Linux kernel 路径遍历漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper handling of path traversal in the firmwareloader component...

7.8CVSS6.7AI score0.00286EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.12 views

PT-2024-32788

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58 Description The issue is related to the firmware loader in the Linux kernel, where certain code paths construct firmware file names from string components passed through from devices or semi-privileged...

7.8CVSS7.1AI score0.00286EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.2 views

kernel: firmware_loader: Fix use-after-free during unregister

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...

7.8CVSS6.3AI score0.00211EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: firmware_loader: Fix use-after-free during unregister

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...

7.8CVSS6.3AI score0.00211EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.10 views

PT-2025-25877 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue has been identified in the Linux kernel's firmware loader. The problem occurs during the unregister process, where the device unregister call could result in the...

8.8CVSS6.1AI score0.12746EPSS
Exploits32References1103
OSV
OSV
added 2022/09/16 11:22 p.m.13 views

GSD-2022-1004973 firmware_loader: Fix memory leak in firmware upload

firmwareloader: Fix memory leak in firmware upload This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.8 by commit...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.3 views

PT-2022-33233 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19 through v5.19.7 Description: A use-after-free issue was discovered during the unregister process in the firmware loader. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...

7.4AI score
Exploits0References1
Rows per page
Query Builder