6634 matches found
CVE-2022-23084
CVE-2022-23084 concerns the FreeBSD netmap component. The vulnerability is a time-of-check to time-of-use bug in nmreq_copyin(): the total size of a user-provided nmreq is computed and then trusted during the copy, enabling kernel memory corruption. Impact requires netmap in devfs_ruleset; a priv...
CVE-2022-23084 Potential jail escape vulnerabilities in netmap
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can...
PT-2024-11053 · Unknown · Asp Secure Os
Name of the Vulnerable Software and Affected Versions: ASP Secure OS (affected versions not specified). Description: The issue is related to insufficient checking of memory buffer in ASP Secure OS, which may allow an attacker with a malicious TA to read or write to the ASP Secure OS kernel virtual...
kernel: eBPF verification flaw
A vulnerability was found in the Linux kernel, where a type confusion problem in check_map_func_compatibility may lead to freeing arbitrary kernel memory...
kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
A memory leak flaw was found in the Linux kernel's webcam device functionality, in the way a user calls an ioctl that triggers the video_usercopy function. The highest threat from this vulnerability is to system availability...
RHEL 8 : kernel (RHSA-2024:0724)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0724 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in sch_qfq netwo...
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
...
The vulnerability of the Neural Engine component of the macOS operating system allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the macOS operating system’s kernel is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with kernel privileges...
PT-2025-5830 · Kaspersky · Kaspersky For Windows +10
Name of the Vulnerable Software and Affected Versions: Kaspersky Anti-Virus SDK for Windows (affected versions not specified); Kaspersky Security for Virtualization Light Agent (affected versions not specified); Kaspersky Endpoint Security for Windows (affected versions not specified); Kaspersky Small...
UBUNTU-CVE-2024-0564
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...
kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe
An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...
Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
...
kernel: race condition in xfrm_probe_algs can lead to OOB read/write
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...
Linux kernel code issue vulnerability (CNVD-2024-06235)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from vhost_new_msg in drivers/vhost/vhost.c failing to properly initialize memory in messages passed between a...
CVE-2024-0443 Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush is only called at css_release_work_fn, which is called when the blkcg reference count reaches 0. This circula...
CVE-2023-38610
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory...