Lucene search
K

125 matches found

OSV
OSV
added 2024/02/07 9:15 p.m.12 views

UBUNTU-CVE-2023-6536

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

7.5CVSS6.6AI score0.01537EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/02/07 4:32 p.m.3 views

kernel: NULL pointer dereference in nvmet_tcp_execute_request

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

7.5CVSS6.6AI score0.01549EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/02/07 4:32 p.m.6 views

kernel: NULL pointer dereference in __nvmet_req_complete

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

7.5CVSS6.6AI score0.01537EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/01/25 8:13 a.m.2 views

kernel: use after free in nvmet_tcp_free_crypto in NVMe

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead t...

8.8CVSS7.3AI score0.09141EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2024/01/24 9:11 a.m.2 views

kernel: use after free in nvmet_tcp_free_crypto in NVMe

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead t...

8.8CVSS7.3AI score0.09141EPSS
Exploits2References5
BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.6 views

The vulnerability of the __nvmet_reqComplete() function in the drivers/nvme/target/tcp.c file of the Linux NVMe kernel driver allows a hacker to trigger a service failure.

The vulnerability of the nvmetreqComplete function in the drivers/nvme/target/tcp.c file of the Linux NVMe driver kernel involves the assignment of a null pointer. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS6.6AI score0.01537EPSS
Exploits0References27Affected Software4
SUSE CVE
SUSE CVE
added 2023/12/13 1:18 a.m.2 views

SUSE CVE-2023-6536

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

6.5CVSS6.4AI score0.01537EPSS
Exploits0References29
OSV
OSV
added 2023/11/21 9:15 p.m.3 views

UBUNTU-CVE-2023-6238

A buffer overflow vulnerability was found in the NVM Express NVMe driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access DMA into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes...

6.7CVSS6AI score0.0029EPSS
Exploits0References5
OSV
OSV
added 2023/11/21 3:17 p.m.5 views

USN-6497-1 linux-oem-6.1 vulnerabilities

Maxim Levitsky discovered that the KVM nested virtualization SVM implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service host kernel crash. CVE-2023-5090 Alon Zahavi discovered that the...

8.8CVSS7AI score0.09141EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/11/21 12:0 a.m.5 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a buffer overflow vulnerability found in the NVM Express NVMe driver...

6.7CVSS7.3AI score0.0029EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.2 views

Linux kernel buffer error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer error vulnerability that stems from an out-of-bounds read vulnerability in the NVMe of/TCP subsystem...

4.3CVSS6.7AI score0.01657EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/11/14 3:46 p.m.4 views

kernel: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace was seen with debug kernels: DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map error device address=0x00000002a3ff38d8...

5.7AI score0.0018EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.1 views

SUSE CVE-2021-3947

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvmechangednslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...

5.5CVSS7.5AI score0.00317EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/12/14 12:0 a.m.7 views

The vulnerability of the NVMe (Non-Volatile Memory Express) driver for Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the NVMe Non-Volatile Memory Express kernel driver for Linux operating systems is related to insufficient validation of input data during the processing of NVMEIOCTLRESET and NVMEIOCTLSUBSYSRESET requests. Exploiting this vulnerability can allow an attacker to trigger a servi...

5.5CVSS6.1AI score0.0023EPSS
Exploits0References11Affected Software3
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.4 views

kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free

A vulnerability was found in the Linux kernel's nvme-rdma driver where the driver failed to destroy a component cmid before another component qp was destroyed. This issue occurs when the kernel incorrectly manages memory during RDMA, leading to a potential use-after-free...

9.8CVSS7.2AI score0.01166EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/09 12:0 a.m.4 views

RISC-V 输入验证错误漏洞

RISC-V is an open source instruction set architecture based on the principle of reduced instruction sets, which is easily interpreted as a form of "open source hardware" corresponding to the open source software movement. The RISC-V kernel suffers from an Input Validation Error vulnerability, whi...

5.5CVSS6.5AI score0.0023EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.4 views

PT-2022-5838 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the Linux kernel may cause a denial of service if consecutive requests of the NVME IOCTL RESET and the NVME IOCTL SUBSYS RESET are made through the device file of the driver,...

8.8CVSS7.2AI score0.21314EPSS
Exploits66References998
OSV
OSV
added 2022/08/25 8:15 p.m.5 views

AZL-10721 CVE-2021-3929 affecting package qemu for versions less than 6.2.0-13

A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...

8.2CVSS7.4AI score0.00643EPSS
Exploits2References1
OSV
OSV
added 2022/07/01 11:3 a.m.3 views

OESA-2022-1733 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset...

8.2CVSS7.1AI score0.00643EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/04/22 9:15 p.m.7 views

CVE-2021-4210

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code...

7.2CVSS7AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder