Lucene search

4329 matches found

Cvelist
added 2025/05/02 3:55 p.m. · 11 views

CVE-2023-53095 drm/ttm: Fix a NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference. The LRU mechanism may look up a resource in the process of being removed from an object. The locking rules here are a bit unclear but it looks currently like res->bo assignment is protected ...

EPSS 0.00157
Exploits 0 · References 3
BDU FSTEC
added 2025/05/02 12:0 a.m. · 4 views

The vulnerability of the ocfs2 component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the ocfs2 component in the Linux operating system is related to improper locking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.7 · EPSS 0.00189
Exploits 0 · References 16 · Affected Software 8
Vulnrichment
added 2025/05/01 2:11 p.m. · 7 views

CVE-2022-49931 IB/hfi1: Correctly move list in sc_disable()

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable(). Commit 13bac861952a "IB/hfi1: Fix abba locking issue with sc_disable()" incorrectly tries to move a list from one list head to another. The result is a kernel crash. The crash is triggered...

AI score 6 · EPSS 0.00148
Exploits 0 · References 5
NVD
added 2025/05/01 1:15 p.m. · 10 views

CVE-2025-23163

In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: 1.211455 ============================================ 1.211571 WARNING: possible recursive locking detected 1.21168...

CVSS 5.5 · EPSS 0.00123
Exploits 0 · References 11
OSV
added 2025/05/01 1:15 p.m. · 1 views

DEBIAN-CVE-2025-23163

In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: 1.211455 ============================================ 1.211571 WARNING: possible recursive locking detected 1.21168...

CVSS 5.5 · AI score 5.5 · EPSS 0.00123
Exploits 0 · References 1
CVE
added 2025/05/01 12:55 p.m. · 132 views

CVE-2025-23163

CVE-2025-23163 relates to a Linux kernel issue in VLAN handling: net: vlan: don't propagate flags on open. The root cause is a possible deadlock when opening VLAN devices due to the device instance lock, where a task may try to acquire dev->lock while already holding it (seen in dev_open + dev...

CVSS 5.5 · AI score 6.2 · EPSS 0.00123
Exploits 0 · References 11 · Affected Software 1
Cvelist
added 2025/05/01 12:55 p.m. · 13 views

CVE-2025-23163 net: vlan: don't propagate flags on open

In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: 1.211455 ============================================ 1.211571 WARNING: possible recursive locking detected 1.21168...

EPSS 0.00123
Exploits 0 · References 9
OSV
added 2025/05/01 12:55 p.m. · 8 views

CVE-2025-23163 net: vlan: don't propagate flags on open

In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: 1.211455 ============================================ 1.211571 WARNING: possible recursive locking detected 1.21168...

CVSS 5.5 · AI score 6.1 · EPSS 0.00123
Exploits 0 · References 14
SUSE CVE
added 2025/04/30 3:18 a.m. · 2 views

SUSE CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

CVSS 7.8 · AI score 7.3 · EPSS 0.00538
Exploits 0 · References 14
OSV
added 2025/04/29 2:15 p.m. · 6 views

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

CVSS 8.8 · AI score 7.4 · EPSS 0.00538
Exploits 0 · References 7
AlpineLinux
added 2025/04/29 2:15 p.m. · 1 views

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

CVSS 8.8 · AI score 6.5 · EPSS 0.00538
Exploits 0 · References 7
NVD
added 2025/04/29 2:15 p.m. · 41 views

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

CVSS 8.8 · EPSS 0.00538
Exploits 0 · References 7
Debian CVE
added 2025/04/29 1:13 p.m. · 8 views

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

CVSS 8.8 · AI score 8.3 · EPSS 0.00538
Exploits 0
Vulnrichment
added 2025/04/29 1:13 p.m. · 8 views

CVE-2025-2817 Privilege escalation in Thunderbird Updater

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

AI score 7.3 · EPSS 0.00538
Exploits 0 · References 6
CVE
added 2025/04/29 1:13 p.m. · 126 views

CVE-2025-2817

The CVE-2025-2817 issue describes a vulnerability in Thunderbird’s update mechanism where a medium-integrity user process could interfere with the SYSTEM updater by manipulating file-locking, enabling privilege escalation via code injection into a user-privileged process. Affected products includ...

CVSS 8.8 · AI score 7.3 · EPSS 0.00538
Exploits 0 · References 7 · Affected Software 2
CNNVD
added 2025/04/29 12:0 a.m. · 3 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 138, which stems from a mishandled file locking behavior that could lead to elevated privileges...

CVSS 8.8 · AI score 8.3 · EPSS 0.00538
Exploits 0 · References 7
Positive Technologies
added 2025/04/29 12:0 a.m. · 4 views

PT-2025-23158

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been identified, related to the erofs file system. The issue arises when bio_add_folio fails due to being full, and erofs_fileio_scan_folio retrie...

CVSS 7.8 · AI score 7.3 · EPSS 0.09796
Exploits 5 · References 329
FreeBSD
added 2025/04/29 12:0 a.m. · 7 views

Mozilla -- control access bypass

[email protected] reports: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowin...

CVSS 8.8 · AI score 7.4 · EPSS 0.00538
Exploits 0 · References 1
Positive Technologies
added 2025/04/23 12:0 a.m. · 6 views

PT-2025-17634 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: Intel(R) Core Ultra Processors (affected versions not specified). Description: The issue is related to improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core Ultra Processors. This may allow an unauthenticat...

CVSS 5.7 · AI score 6.3 · EPSS 0.00132
Exploits 0 · References 4
BDU FSTEC
added 2025/04/23 12:0 a.m. · 7 views

Vulnerabilities of the functions pvr_queue_fence_get_driver_name() and pvr_queue_fence_init() (drivers/gpu/drm/imagination/pvr_queue.c) in the Linux kernel, allowing a hacker to cause a service failure

The vulnerabilities of the functions pvr_queue_fence_get_driver_name() and pvr_queue_fence_init() (drivers/gpu/drm/imagination/pvr_queue.c) in the Linux kernel are related to insufficient locking. Exploiting these vulnerabilities could allow an attacker to trigger a service failure...

CVSS 5.5 · AI score 6.6 · EPSS 0.00132
Exploits 0 · References 11 · Affected Software 3