Lucene search
+L

51 matches found

RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.7 views

kernel: nbd: always initialize struct msghdr completely

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

4.4CVSS6.8AI score0.00222EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/24 2:39 a.m.6 views

kernel: nbd: always initialize struct msghdr completely

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

4.4CVSS6.8AI score0.00222EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/27 7:40 a.m.6 views

kernel: Reserved fields in guest message responses may not be zero initialized

A flaw was found in some AMD CPUs where the guest message responses have not been zero-initialized. This issue may allow a local attacker with the ability to run arbitrary code on a container or virtual machine to discover sensitive information contained in the host system's memory...

6CVSS6.7AI score0.00309EPSS
Exploits0References5
OSV
OSV
added 2024/08/17 9:15 a.m.1 views

DEBIAN-CVE-2024-42283

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...

5.5CVSS5.6AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2024/08/17 9:15 a.m.9 views

AZL-47799 CVE-2024-42283 affecting package kernel for versions less than 6.6.47.1-1

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...

5.5CVSS6.2AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2024/08/17 9:8 a.m.18 views

CVE-2024-42283 net: nexthop: Initialize all fields in dumped nexthops

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...

5.5CVSS6.2AI score0.00242EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2024/05/23 11:7 a.m.17 views

CVE-2021-47482

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree. The problem was in wrong error handling in batadvmeshinit. Before this patch batadvmeshinit was calling batadvmeshfree in case of any...

5.5CVSS6.6AI score0.00739EPSS
Exploits0References4
OSV
OSV
added 2024/05/22 9:15 a.m.9 views

UBUNTU-CVE-2021-47482

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree. The problem was in wrong error handling in batadvmeshinit. Before this patch batadvmeshinit was calling batadvmeshfree in case of any...

5.3CVSS5.8AI score0.00739EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/05/22 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that it will clean up uninitialized fields...

5.3CVSS6.2AI score0.00739EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2024/05/15 12:0 a.m.12 views

The vulnerability of the __sock_xmit() function in the drivers/block/nbd.c module of the Linux kernel’s nbd driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sockxmit function in the drivers/block/nbd.c module of the Linux kernel’s nbd driver is related to the use of uninitialized fields in the struct msghdr structure. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

8.4CVSS6.3AI score0.00222EPSS
Exploits0References16Affected Software3
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.1 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from uninitialized fields...

5.5CVSS6.5AI score0.00257EPSS
Exploits0References11
OSV
OSV
added 2024/03/18 11:15 a.m.2 views

DEBIAN-CVE-2023-52616

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpiecinit When the mpiecctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this iss...

5.5CVSS5.3AI score0.0023EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/09/11 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-2717)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.00895EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2023/09/05 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-2675)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.00895EPSS
Exploits2References2
CNVD
CNVD
added 2023/05/29 12:0 a.m.2 views

GNU Binutils Denial of Service Vulnerability (CNVD-2025-21054)

GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files e.g., executables, libraries, etc., covering compilation, linking, debugging, and other phases of the function. A denial of service vulnerability exists in GNU Binutils, which arises from...

5.5CVSS6.7AI score0.00376EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.5 views

GNU Binutils 安全漏洞

GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files e.g., executables, libraries, etc., covering compilation, linking, debugging, and other phases of the function. A denial of service vulnerability exists in GNU Binutils, which arises from...

5.5CVSS6.6AI score0.00376EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:40 a.m.5 views

SUSE CVE-2017-13715

The skbflowdissect function in net/core/flowdissector.c in the Linux kernel before 4.3 does not ensure that nproto, ipproto, and thoff are initialized, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a single crafted MPLS packet...

10CVSS8.4AI score0.09652EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.1 views

SUSE CVE-2019-16714

In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized...

7.5CVSS7.4AI score0.02701EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/11/08 10:15 p.m.24 views

CVE-2021-41253

Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in zycore in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis...

8.1CVSS7.2AI score0.01804EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/11/08 12:0 a.m.4 views

PT-2021-23217 · Zydis · Zydis

Name of the Vulnerable Software and Affected Versions: Zydis versions v3.2.0 and older Description: Zydis is an x86/x86-64 disassembler library. Users that use the string functions provided in zycore to append untrusted user data to the formatter buffer within their custom formatter hooks can run...

8.1CVSS8AI score0.01804EPSS
Exploits1References11
Rows per page
Query Builder