4320 matches found
CVE-2023-32250
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...
CVE-2023-32250 Session race condition remote code execution vulnerability
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...
Linux kernel denial of service vulnerability (CNVD-2023-64510)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in versions of Linux kernel prior to 6.2, which stems from improper locking and can be exploited by a local attacker to perform a denia...
First user can drain funds from staking contract
Lines of code. Vulnerability details. Impact: If the first user locks an extremely small amount of tokens (1 wei), he can manipulate the reward that he is supposed to receive. After locking a small amount, he can unlock it before the second user interacts with the contract. See PoC for more details. Note...
PUB-A-264663832
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation...
Ubuntu: Security Advisory (USN-6194-1)
The remote host is missing an update for the...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in versions of Linux kernel prior to 6.2, which stems from improper locking and can be exploited by a local attacker to perform a denia...
USN-6194-1: Linux kernel (OEM) vulnerabilities
Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: 2023577) Xingyuan Mo and Gengjia Chen...
USN-6194-1 linux-oem-6.1 vulnerabilities
Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: 2023577) Xingyuan Mo and Gengjia Chen...
USN-6192-1 linux, linux-allwinner, linux-allwinner-5.19, linux-aws, linux-aws-5.19, linux-azure, linux-gcp, linux-gcp-5.19, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-starfive, linux-starfive-5.19 vulnerabilities
Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: 2023577) Xingyuan Mo and Gengjia Chen...
Improper Access Control
admidio/admidio is vulnerable to Improper Access Control. The vulnerability exists due to improper restrictions in album locking which allows an attacker to send ecards and view the album data...
CVE-2023-33951
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...
USN-6173-1: Linux kernel (OEM) vulnerabilities
Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) It was discovered that the...
CVE-2023-21120
In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID:...
CVE-2023-21120
In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID:...
Ubuntu: Security Advisory (USN-6162-1)
The remote host is missing an update for the...
USN-6162-1: Linux kernel (Intel IoTG) vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...
USN-6162-1 linux-intel-iotg-5.15 vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...
CLSA-2023-1686585068 kernel: Fix of 26 CVEs
cgroup: Use open-time cgroup namespace for process migration perm checks CVE-2021-4197 - cgroup: Use open-time credentials for process migration perm checks CVE-2021-4197 - cgroup: cgroup.procs,threads factor out common parts - cgroup: unify attach permission checking - vt: drop old FONT ioctls...
CVE-2023-20745
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694...