Lucene search
K

174 matches found

RedHat Linux
RedHat Linux
added 2023/06/27 3:10 p.m.5 views

kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference

A use-after-free flaw was found in the dotlsgetsockopt function in net/tls/tlsmain.c in the Transport Layer Security TLS in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition...

7CVSS6.6AI score0.0027EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/21 2:50 p.m.4 views

kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference

A use-after-free flaw was found in the dotlsgetsockopt function in net/tls/tlsmain.c in the Transport Layer Security TLS in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition...

7CVSS6.6AI score0.0027EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/21 2:46 p.m.6 views

kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference

A use-after-free flaw was found in the dotlsgetsockopt function in net/tls/tlsmain.c in the Transport Layer Security TLS in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition...

7CVSS6.6AI score0.0027EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/03/17 4:19 a.m.3 views

SUSE CVE-2023-28466

dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...

7.8CVSS6.6AI score0.0027EPSS
Exploits0References49
OSV
OSV
added 2023/03/16 12:15 a.m.5 views

AZL-25661 CVE-2023-28466 affecting package kernel for versions less than 5.15.107.1-2

dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...

7CVSS6.7AI score0.0027EPSS
Exploits0References1
OSV
OSV
added 2023/03/16 12:15 a.m.0 views

DEBIAN-CVE-2023-28466

dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...

7CVSS6.4AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.8 views

PT-2023-2332 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.7 Description: The issue is related to a race condition in the Linux kernel's TLS protocol implementation, specifically in the do tls getsockopt conf and do tls setsockopt conf functions in the net/tls/tls...

10CVSS6.2AI score0.93838EPSS
Exploits80References1158
F5 Networks
F5 Networks
added 2023/02/21 7:31 p.m.34 views

K16349: Linux kernel vulnerability CVE-2009-0676

Security Advisory Description Description The sockgetsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SOBSDCOMPAT getsockopt reques...

2.1CVSS4AI score0.00701EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.3 views

SUSE CVE-2006-1343

net/ipv4/netfilter/ipconntrackcore.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nfconntrackl3protoipv4.c in 2.6, does not clear sockaddrin.sinzero before returning IPv4 socket names from the getsockopt function with SOORIGINALDST, which allows local users to obtain portions of...

2.1CVSS6.5AI score0.0042EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2009-0676

The sockgetsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SOBSDCOMPAT getsockopt request...

2.1CVSS6AI score0.00701EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.3 views

SUSE CVE-2010-3081

The compatallocuserspace functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the...

7.8CVSS6.7AI score0.03533EPSS
Exploits3References14
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.6 views

SUSE CVE-2010-4529

Integer underflow in the irdagetsockopt function in net/irda/afirda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMPENUMDEVICES getsockopt call...

2.1CVSS6.1AI score0.00395EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.3 views

SUSE CVE-2011-2492

The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to 1 the l2capsockgetsockoptold function in...

1.9CVSS5.9AI score0.00354EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.2 views

SUSE CVE-2013-1828

The sctpgetsockoptassocstats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copyfromuser operation, which allows local users to gain privileges via a crafted application that contains an SCTPGETASSOCSTATS getsockopt system call...

6.9CVSS6.5AI score0.01014EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.4 views

SUSE CVE-2013-1827

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash by leveraging the CAPNETADMIN capability for a certain 1 sender or 2 receiver getsockopt call...

6.2CVSS6.5AI score0.0048EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.4 views

SUSE CVE-2013-4588

Multiple stack-based buffer overflows in net/netfilter/ipvs/ipvsctl.c in the Linux kernel before 2.6.33, when CONFIGIPVS is used, allow local users to gain privileges by leveraging the CAPNETADMIN capability for 1 a getsockopt system call, related to the doipvsgetctl function, or 2 a setsockopt...

7CVSS6.8AI score0.00399EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.4 views

SUSE CVE-2018-6555

The irdasetsockopt function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kernel before 4.17 allows local users to cause a denial of service iasobject use-after-free and system crash or possibly have unspecified other impact via an AFIRDA socket...

4.4CVSS7.7AI score0.00497EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.2 views

SUSE CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of BPF execution, the local user...

6.4CVSS6.9AI score0.004EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.3 views

SUSE CVE-2022-3566

A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assign...

4.7CVSS6AI score0.00344EPSS
Exploits0References19
OSV
OSV
added 2022/10/17 7:15 p.m.2 views

DEBIAN-CVE-2022-3566

A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assign...

7.1CVSS5.2AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder