Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-26583	tls: fix race between async notify and socket close Description: In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2024-26582	net: tls: fix use-after-free with partial reads and async decrypt Description: In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2024-26581	netfilter: nft_set_rbtree: skip end interval element from gc Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2024-25131	Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation Description: A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment. EPSS Score: 0.08% Source: CVE December 20th, 2024 (5 months ago)
CVE-2024-2201	CVE-2024-2201 Description: A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-7005	CVE-2023-7005 Description: A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52921	drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Security. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52919	nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Description: In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52918	media: pci: cx23885: check cx23885_vdev_init() return Description: In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52915	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer Description: In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)