Lucene search
K

174 matches found

Positive Technologies
Positive Technologies
added 2022/10/06 12:0 a.m.5 views

PT-2022-7127 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A vulnerability in the Linux Kernel is related to synchronization errors when using a shared resource in the tcp getsockopt and tcp setsockopt functions of the TCP Handler component...

9.8CVSS7.5AI score0.93838EPSS
Exploits82References1584
RedHat Linux
RedHat Linux
added 2022/07/19 9:14 p.m.4 views

kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

6.8CVSS6.6AI score0.01747EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2022/05/10 1:58 p.m.4 views

kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

6.8CVSS6.6AI score0.01747EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2022/05/10 1:43 p.m.8 views

kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

6.8CVSS6.6AI score0.01747EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.23 views

Slackware: Security Advisory (SSA:2018-142-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7.4AI score0.03543EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2022/04/09 7:0 a.m.3 views

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw an attacker with a user privileges may crash the system or leak internal kernel information.

...

6.8CVSS6.6AI score0.01747EPSS
Exploits1
OSV
OSV
added 2022/03/25 7:15 p.m.2 views

DEBIAN-CVE-2021-4203

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

6.8CVSS6.3AI score0.01747EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.3 views

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a denial-of-service vulnerability caused by a "use before read" flaw in the sockgetsockopt function in net/core/sock.c. " flaw in the sockgetsockopt function in...

6.8CVSS7.3AI score0.01747EPSS
Exploits1References27
RedHat Linux
RedHat Linux
added 2021/11/09 6:6 p.m.6 views

kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()

A flaw buffer overflow in the Linux kernel BPF subsystem was found in the way user running BPF script calling getsockopt. A local user could use this flaw to crash the system or possibly escalate their privileges on the system...

7.8CVSS7.5AI score0.004EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/09 5:26 p.m.5 views

kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()

A flaw buffer overflow in the Linux kernel BPF subsystem was found in the way user running BPF script calling getsockopt. A local user could use this flaw to crash the system or possibly escalate their privileges on the system...

7.8CVSS7.5AI score0.004EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/09/27 12:0 a.m.9 views

PT-2021-7117 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free read flaw was found in the sock getsockopt function in net/core/sock.c due to a race condition with listen and connect when using SO PEERCRED and SO PEERGROUPS. This...

9.8CVSS7.6AI score0.93838EPSS
Exploits359References1910
OSV
OSV
added 2021/04/13 9:55 p.m.8 views

USN-4909-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service system crash. CVE-2021-20194 Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H...

7.8CVSS6.9AI score0.00544EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.254 views

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4879-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4879-1 advisory. It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad- hoc SSIDs. A local attacker could use this to...

8.8CVSS7.1AI score0.02209EPSS
Exploits0References3
OSV
OSV
added 2021/03/20 4:51 a.m.10 views

USN-4884-1 linux-oem-5.10 vulnerabilities

Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service system crash. CVE-2021-20194 It was discovered that the priority inheritance futex...

7.8CVSS6.9AI score0.01377EPSS
Exploits1References4
OSV
OSV
added 2021/03/16 6:51 a.m.6 views

USN-4879-1 linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities

It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-36158 Loris Reiff discovered that the BPF implementation in t...

8.8CVSS6.7AI score0.02209EPSS
Exploits0References3
OSV
OSV
added 2021/02/23 11:15 p.m.5 views

AZL-34857 CVE-2021-20194 affecting package kernel for versions less than 6.6.35.1-4

There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of BPF execution, the local user...

7.8CVSS6.7AI score0.004EPSS
Exploits0References1
OSV
OSV
added 2021/02/23 11:15 p.m.2 views

DEBIAN-CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of BPF execution, the local user...

7.8CVSS6.5AI score0.004EPSS
Exploits0References1
OSV
OSV
added 2021/02/23 11:15 p.m.5 views

AZL-6529 CVE-2021-20194 affecting package kernel for versions less than 5.15.26.1-1

There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of BPF execution, the local user...

7.8CVSS6.7AI score0.004EPSS
Exploits0References1
OSV
OSV
added 2021/02/23 11:15 p.m.4 views

UBUNTU-CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of BPF execution, the local user...

7.8CVSS6.8AI score0.004EPSS
Exploits0References8
Cvelist
Cvelist
added 2021/02/23 10:33 p.m.39 views

CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of BPF execution, the local user...

8.1AI score0.004EPSS
Exploits0References2
Rows per page
Query Builder