9 matches found
The vulnerability of the smb2_is_network_name_deleted() function in the Linux kernel-based SMB client implementation allows a attacker to cause a service failure.
The vulnerability of the smb2isnetworknamedeleted function in the fs/smb/client/smb2ops.c module of the SMB protocol client implementation in Linux operating systems is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a servic...
Ubuntu 23.10 : Linux kernel (Azure) vulnerabilities (USN-6572-1)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6572-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged...
SUSE SLES15: kernel-livepatch-5_14_21-150400_24_74-default / etc (SUSE-SU-2023:4805-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4805-1 advisory. This update for the Linux Kernel 5.14.21-1504002474 fixes several issues. The following security issues were fixed: - CVE-2023-3610: Fixed...
CVE-2023-6610
CVE-2023-6610 is an out-of-bounds read in Linux kernel’s smb2_dump_detail() (fs/smb/client/smb2ops.c). The vulnerability can allow a local attacker to crash the kernel or leak internal kernel information. Connected advisories (e.g., MiracleLinux/Tencent/Tenable Nessus entries) confirm the issue a...
CVE-2023-6606
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-385)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-385 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting CVE-2022-48628 A use-after-free vulnerability in the Linux kernel's netfilter:...
CVE-2023-5345
CVE-2023-5345 : A use-after-free in the Linux kernel kernel’s fs/smb/client component can enable local privilege escalation. Specifically, an error in smb3_fs_context_parse_param frees ctx->password but does not set it to NULL, risking a double-free scenario. The issue is documented in the CVE...
CVE-2023-5345 Use-after-free in Linux kernel's fs/smb/client component
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3fscontextparseparam, ctx-password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading pas...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a resource management error vulnerability that originates from a confusion in the instructions responsible for freeing memory in the fs/smb/client...