63 matches found
Race condition
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | // UAF! |...
CVE-2023-52480
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | // UAF! |...
UBUNTU-CVE-2023-52480
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | // UAF! |...
CVE-2023-52480 ksmbd: fix race condition between session lookup and expire
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | // UAF! |...
CVE-2023-52480 ksmbd: fix race condition between session lookup and expire
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | // UAF! |...
PT-2023-9489 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a race condition between session lookup and expire in the ksmbd component of the Linux kernel. This can lead to a use-after-free UAF condition, potentially...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...
SUSE CVE-2019-19318
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsemdownwriteslowpath use-after-free because in rwsemcanspinonowner in kernel/locking/rwsem.c rwsemownerflags returns an already freed pointer,...
GSD-2023-1001230 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
PT-2021-6407 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.3 Description: The issue is related to the use of memory after it has been freed in the Linux kernel, specifically in the fs/quota/quota tree.c component. This occurs when checking the block number in the...
Vulnerability of the rwsem_down_write_slowpath function (kernel/locking/rwsem.c) in the Linux operating system’s kernel, allowing a hacker to cause a service failure
The vulnerability of the rwsemdownwriteslowpath function in the Linux kernel’s locking/rwsem.c file relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
PT-2020-1812 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.16 through 5.5.6 Description: An issue in the Linux kernel leads to an out-of-bounds read because the FDC index is not checked for errors before assigning it. This issue is related to the set fdc function in...
CVE-2019-19318
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsemdownwriteslowpath use-after-free because in rwsemcanspinonowner in kernel/locking/rwsem.c rwsemownerflags returns an already freed pointer,...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...