Lucene search
K

6 matches found

CVE
CVE
added 2025/05/30 1:13 p.m.392 views

CVE-2025-4598

The CVE-2025-4598 entry concerns a race condition in systemd-coredump that can let a local attacker read a crashed SUID process’s core dump. Affected component is systemd and its coredump handling; root cause is a kill-and-replace race where the kernel recycles a PID before systemd-coredump can a...

4.7CVSS6.5AI score0.00641EPSS
Web
CVE
CVE
added 2024/12/24 6:48 p.m.318 views

CVE-2022-21505

CVE-2022-21505: In the Linux kernel IMA, enabling appraisal with ima_appraise=log can bypass lockdown on systems where Secure Boot is disabled or unavailable. IMA blocks ima_appraise=log via boot params when Secure Boot is enabled, but this protection does not cover lockdown used without Secure B...

6.7CVSS7AI score0.002EPSS
CVE
CVE
added 2023/09/20 8:39 p.m.155 views

CVE-2023-22024

CVE-2023-22024 affects the Unbreakable Enterprise Kernel (UEK) RDS module, where two setsockopt options (RDS_CONN_RESET and RDS6_CONN_RESET) are not re-entrant. A local attacker with CAP_NET_ADMIN can crash the kernel. Connected advisories (e.g., Oracle ELSA updates) indicate a security update ad...

5.5CVSS5.2AI score0.00168EPSS
CVE
CVE
added 2026/05/01 5:53 p.m.20 views

CVE-2026-35233

CVE-2026-35233 is active in the Oracle Linux dtrace subsystem. An unprivileged user can craft a binary with an out-of-range sh_link, enabling an ELF parser to read memory beyond the allocated section cache due to missing bounds checks during object symbol table construction. This can cause a NULL...

4.4CVSS5.8AI score0.00108EPSS
CVE
CVE
added 2026/03/16 9:36 p.m.15 views

CVE-2026-21991

The CVE-2026-21991 issue affects the DTrace component dtprobed, specifically its handling of USDT probes, enabling arbitrary file creation through crafted provider names. Multiple connected advisories confirm dtprobed as the vulnerable element and describe the risk of code execution as a worst-ca...

5.5CVSS5.9AI score0.00181EPSS
CVE
CVE
added 2026/05/01 5:51 p.m.12 views

CVE-2026-21996

CVE-2026-21996 affects dtrace: an unprivileged, local attacker can trigger a crash in the dtrace process by feeding a malicious ELF binary, caused by an integer Divide-by-Zero in Pbuild_file_symtab(). Several advisories (e.g., Oracle ELSA-2026-50249) indicate a security update addressing this iss...

5.5CVSS5.8AI score0.0011EPSS