An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.
Max CVSS
9.1
EPSS Score
0.14%
Published
2023-07-18
Updated
2023-12-22
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
Max CVSS
9.1
EPSS Score
0.06%
Published
2023-07-18
Updated
2023-12-15
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
Max CVSS
9.1
EPSS Score
0.06%
Published
2023-07-18
Updated
2023-12-22
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-07-18
Updated
2023-12-22
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
Max CVSS
9.1
EPSS Score
0.14%
Published
2023-07-18
Updated
2023-12-15
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.
Max CVSS
9.8
EPSS Score
0.06%
Published
2023-07-18
Updated
2023-11-17
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.
Max CVSS
9.1
EPSS Score
0.12%
Published
2023-07-18
Updated
2023-12-22
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Max CVSS
9.8
EPSS Score
0.24%
Published
2023-07-10
Updated
2023-07-17
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Max CVSS
9.0
EPSS Score
0.24%
Published
2023-07-10
Updated
2023-07-17
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
Max CVSS
9.8
EPSS Score
1.65%
Published
2023-11-01
Updated
2024-03-12
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
Max CVSS
10.0
EPSS Score
0.04%
Published
2023-09-20
Updated
2023-12-15
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
Max CVSS
9.8
EPSS Score
0.73%
Published
2022-12-23
Updated
2023-05-16
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
Max CVSS
9.1
EPSS Score
0.31%
Published
2022-03-18
Updated
2023-01-20
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
Max CVSS
9.0
EPSS Score
1.04%
Published
2022-03-25
Updated
2023-02-14
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Max CVSS
9.8
EPSS Score
4.42%
Published
2021-11-02
Updated
2022-11-03
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.
Max CVSS
10.0
EPSS Score
0.46%
Published
2021-07-08
Updated
2022-07-14
Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol.
Max CVSS
9.8
EPSS Score
0.39%
Published
2021-07-08
Updated
2021-07-14
Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.
Max CVSS
9.8
EPSS Score
0.39%
Published
2021-07-08
Updated
2021-07-14
Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode.
Max CVSS
9.8
EPSS Score
0.39%
Published
2021-07-08
Updated
2021-07-14
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
Max CVSS
9.8
EPSS Score
0.80%
Published
2022-02-16
Updated
2023-02-24
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
Max CVSS
9.3
EPSS Score
0.12%
Published
2019-12-17
Updated
2023-01-19
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.
Max CVSS
9.3
EPSS Score
0.08%
Published
2019-12-17
Updated
2020-01-03
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
Max CVSS
9.8
EPSS Score
0.57%
Published
2019-11-07
Updated
2020-08-12
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
Max CVSS
9.8
EPSS Score
0.70%
Published
2019-11-07
Updated
2021-06-22
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
Max CVSS
9.8
EPSS Score
1.21%
Published
2019-10-04
Updated
2022-11-03
170 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!