Security Bulletin
Summary
IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update.
Vulnerability Details
CVEID: CVE-2024-30203
DESCRIPTION: GNU Emacs could provide weaker than expected security, caused by an issue with treating inline MIME contents as trusted. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-30205
DESCRIPTION: GNU Emacs could provide weaker than expected security, caused by an issue with contents of remote files to be trusted in Org mode. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-39331
DESCRIPTION: GNU Emacs could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw in org-link-expand-abbrev in lisp/ol.el. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source: IBM X-Force
CVSS Base score: 7.8
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-21147
DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.
CWE: CWE-284: Improper Access Control
CVSS Source: IBM X-Force
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2024-21145
DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CWE: CWE-284: Improper Access Control
CVSS Source: IBM X-Force
CVSS Base score: 4.8
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2024-21140
DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CWE: CWE-284: Improper Access Control
CVSS Source: IBM X-Force
CVSS Base score: 4.8
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2024-21144
DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impact.
CWE: CWE-284: Improper Access Control
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-21138
DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause a low availability impact.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-21131
DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact.
CWE: CWE-284: Improper Access Control
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2024-27267
DESCRIPTION: The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.
CWE: CWE-300: Channel Accessible by Non-Endpoint
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-20584
DESCRIPTION: Multiple AMD Processors could allow a local authenticated attacker to bypass security restrictions, caused by improper handling of certain special address ranges with invalid device table entries (DTEs) by the IOMMU. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass RMP checks in SEV-SNP.
CWE: CWE-1220: Insufficient Granularity of Access Control
CVSS Source: AMD
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N)
CVEID: CVE-2023-31356
DESCRIPTION: AMD EPYC 7003 Processors could allow a local authenticated attacker to bypass security restrictions, caused by an incomplete system memory cleanup in SEV firmware. An attacker could exploit this vulnerability to corrupt guest private memory, potentially resulting in a loss of data integrity.
CWE: CWE-284: Improper Access Control
CVSS Source: Advanced Micro Devices Inc.
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-42251
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in write.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38575
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the kzalloc() in brcmf_pcie_download_fw_nvram(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36940
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double-free in pinctrl_enable(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-415: Double Free
CVSS Source: IBM X-Force
CVSS Base score: 2.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-36017
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read when accessing the saved (casted) entry in ivvl. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 6.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)
CVEID: CVE-2024-26703
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26831
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an error related to handshake_req_destroy_test1. An attacker could exploit this vulnerability to obtain sensitive information.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 3.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2023-52591
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to touching renamed directory if parent does not change. An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-39472
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by incorrect h_size values used for the initial
umount record in xfs_log_recover.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-1190: DMA Device Enabled Too Early in Boot Phase
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36905
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a divide-by-zero error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-369: Divide By Zero
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-27010
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a mirred deadlock on device recursion. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26663
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to check the bearer type before calling tipc_udp_nl_bearer_add(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42244
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in USB: serial: mos7840. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52609
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition between mmput() and do_exit(). An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38598
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in Md. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-39502
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by use-after-free in netif_napi_del(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 6.7
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-36025
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an off-by-one in qla_edif_app_getstats(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 5.2
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-26667
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by invalid hw_pp in dpu_encoder_helper_phys_cleanup of drm/msm/dpu. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52584
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free on device remove. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 6.7
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-52817
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference when the smc_rreg pointer is NULL. An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36978
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out--of-bounds write in multiq_tune(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-27020
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by potential data-race in __nft_expr_type_get() in netfilter: nf_tables. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36896
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an access violation during port device removal. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-170: Improper Null Termination
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26713
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference on read at 0x00000030 Faulting instruction address: 0xc0000000006bbe5c Oops. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26726
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to drop extent_map for free space inode on write error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26824
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to bogus SGL free on zero-length error path. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47449
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to locking for Tx timestamp tracking flush. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-667: Improper Locking
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36954
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a memleak in tipc_buf_append __skb_linearize(). An attacker could exploit this vulnerability to obtain sensitive information.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-27011
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in map from abort path. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35947
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an old BUG_ON in >control parser A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26727
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to ASSERT() if the newly created subvolume already got read. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26823
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to quirk probing for ACPI-based systems. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42252
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in closure.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-413: Improper Resource Locking
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38573
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in cppc_cpufreq_get_rate(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36941
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.7
CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36020
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the Ethernet Controller XL710 family driver. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26702
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read in the rm3100_common_probe function. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 6
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)
CVEID: CVE-2024-42258
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by flaw with x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: Red Hat
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52596
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds access for empty sysctl registers. A local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-39276
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an error related to mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find(). An attacker could exploit this vulnerability to obtain sensitive information.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-36917
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in blk_ioctl_discard(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-190: Integer Overflow or Wraparound
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26961
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to llsec key resources release in mac802154_llsec_key_del. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26668
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-190: Integer Overflow or Wraparound
CVSS Source: IBM X-Force
CVSS Base score: 7.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
CVEID: CVE-2024-42247
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by unaligned 64-bit memory accesses in wireguard/allowedips.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-190: Integer Overflow or Wraparound
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52608
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to mailbox/SMT channel for consistency. An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-39487
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read in bond_option_arp_ip_targets_set(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36270
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-39495
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free bug in gb_interface_release due to race condition. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26714
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to Mark CO0 BCM keepalive. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26844
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to in _copy_from_iter Syzkaller reporting a warning in _copy_from_iter because an iov_iter is supposedly used in the wrong direction. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-1098: Data Element containing Pointer Item without Proper Copy Control Element
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42236
DESCRIPTION: The Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound write in configfs.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52600
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in jfs_evict_inode. An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-39476
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-833: Deadlock
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36286
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in Netfilter: Nfnetlink_queue. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-40902
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a buffer overflow for invalid xattr. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26718
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to disable tasklets Tasklets having an inherent problem with memory corruption. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-123: Write-what-where Condition
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26842
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a shift issue in ufshcd_clear_cmd(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35940
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a missing null pointer check to the psz_kmsg_read. A local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36950
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to mask bus reset interrupts between ISR and bottom half. A local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36929
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an untrusted pointer reference error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-822: Untrusted Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36010
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by string truncation warnings in igb_set_fw_version. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26710
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-121: Stack-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26820
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to Register VF in netvsc_probe if NET_DEVICE_REGISTER missed. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42255
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw with use auth only after NULL check in tpm_buf_check_hmac_response() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: Red Hat
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38555
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when FW completion arrives while device is in internal error state. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-416: Use After Free
CVSS Source: Red Hat
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36945
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a neighbour and rtable leak in smc_ib_find_route(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Source: IBM X-Force
CVSS Base score: 3.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-26962
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by deadlock in dm-raid456 while io concurrent with reshape. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 4.1
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26700
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 4.3
CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-41042
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by stack-based buffer overflow inf_tables_api.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-121: Stack-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 4.1
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36971
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free error in the network route management. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 7.8
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-52590
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to touching renamed directory if parent does not change. An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38627
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double-free in stm_register_device(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-415: Double Free
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-40974
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in powerpc/pseries. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36921
DESCRIPTION: Linux Kernel could allow a local authenticated attacker, caused by an out-of-bounds memory access flaw in the Wireless WiFi Link Next-Gen AGN driver. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 6.7
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-26958
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in direct writes. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26696
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a hang in nilfs_lookup_dirty_data_buffers(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-1246: Improper Write Handling in Limited-write Non-Volatile Memories
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42238
DESCRIPTION: Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking in cs_dsp_power_up(). By sending a specially crafted request, a remote attacker could overflow to cause a denial of service.
CWE: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52599
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an array-index-out-of-bounds in diNewExt. An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38615
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to exit() callback being optional. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-459: Incomplete Cleanup
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-40927
DESCRIPTION: Linux Kernel is vulnerable to a denial of service caused by a deadlock in ieee80211_sta_ps_deliver_wakeup() in xhci-ring.c . A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-833: Deadlock
CVSS Source: IBM X-Force
CVSS Base score: 6.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
CVEID: CVE-2024-36927
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in __ip_make_skb() KMSAN. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26940
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to the creation of debugfs ttm_resource_manager entry. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26662
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in 'dcn21_set_backlight_level()'. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42232
DESCRIPTION: The Linux Kernel is vulnerable to a denial of service, caused by a race condition between mon_fault() and finish_hunting(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36979
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a vlan use-after-free. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 6.6
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-27019
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by potential data-race in __nft_obj_type_get() in netfilter: nf_tables. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36489
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by missing memory barrier in tls_init. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 6.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
CVEID: CVE-2021-47231
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in mcba_usb. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L)
CVEID: CVE-2024-26721
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to the macro that calculates DSCC_/DSCA_ PPS reg address. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 2.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-26825
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to nfc: nci: free rx_data_reassembly skb on NCI device cleanup. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42256
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw related to server re-repick on subrequest retry. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: Red Hat
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38596
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in unix_release_sock/unix_stream_sendmsg. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 4.7
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36933
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the use of uninitialized variable. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-457: Use of Uninitialized Variable
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)
CVEID: CVE-2024-36016
DESCRIPTION: Linux Kernel could allow a remote attacker from within the local network to gain elevated privileges on the system, caused by an out-of-bounds write in gsm0_receive(). An attacker could exploit this vulnerability to gain elevated privileges on the system.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 6.4
CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-26707
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to remove WARN_ONCE() in send_hsr_supervision_frame(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26818
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to clang warning about mount_point var size. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42254
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by inconsistent error handling in io_alloc_pbuf_ring() in radeon_gem.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38538
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an uninit value[1] error in bridge device's xmit path. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: Red Hat
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36904
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges, caused by a use-after-free in the TCP protocol. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 7
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-27025
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to a null check for nla_nest_start nla_nest_start() that may fail and return NULL. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26697
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to data corruption in dsync block recovery for small block sizes. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-42259
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper bounds checking by drm/i915/gem. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source: IBM X-Force
CVSS Base score: 4.1
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38808
DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language (SpEL) expression, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: VMware
CVSS Base score: 4.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-4032
DESCRIPTION: An unspecified error with ipaddress considers some not globally reachable addresses global and vice versa in Python CPython has an unknown impact and attack vector.
CWE: CWE-697: Incorrect Comparison
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-6232
DESCRIPTION: Python CPython is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when parsing TarFile headers. By using specially crafted tar archives, a remote attacker could exploit this vulnerability to cause a denial of service.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CWE: CWE-1333: Inefficient Regular Expression Complexity
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-6923
DESCRIPTION: Python CPython is vulnerable to email header injection, caused by the failure to properly quote newlines for email headers when serializing an email message. By persuading a victim to open a specially crafted email, a remote authenticated attacker could exploit this vulnerability to spoof sender identity, gain unauthorized email sending or loss of control over email communication.
CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source: CISA ADP
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2023-38325
DESCRIPTION: Python Cryptographic Authority cryptography could provide weaker than expected security, caused by an encoding mismatch regarding critical options with OpenSSH. An attacker could exploit this vulnerability to launch further attacks on the system
CWE: CWE-310: Cryptographic Issues
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-0286
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service.
CWE: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVSS Source: IBM X-Force
CVSS Base score: 8.2
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
CVEID: CVE-2020-36242
DESCRIPTION: Cryptography could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and a buffer overflow. By using certain sequences of update calls to symmetrically encrypt multi-GB values, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CWE: CWE-190: Integer Overflow or Wraparound
CVSS Source: IBM X-Force
CVSS Base score: 9.1
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
CVEID: CVE-2020-25659
DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system.
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-23931
DESCRIPTION: PyPI cryptography package could allow a remote attacker to bypass security restrictions, caused by a memory corruption in Cipher.update_into. By passing an immutable python object as the outbuf, an attacker could exploit this vulnerability to bypass authentication and obtain access.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 4.8
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVEID: CVE-2024-5535
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the SSL_select_next_proto API function when calling with an empty supported client protocols buffer. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a crash or memory contents to be sent to the peer.
CWE: CWE-126: Buffer Over-read
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-33602
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory corruption by the Name Service Cache Daemon's (nscd) netgroup cache when the NSS callback fails to store all strings in the provided buffer. A local attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CWE: CWE-466: Return of Pointer Value Outside of Expected Range
CVSS Source: IBM X-Force
CVSS Base score: 4
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-33601
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory allocation failure when the Name Service Cache Daemon's (nscd) netgroup cache uses the xmalloc or xrealloc functions. A local attacker could exploit this vulnerability to terminate the daemon.
CWE: CWE-617: Reachable Assertion
CVSS Source: IBM X-Force
CVSS Base score: 4
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-2961
DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the ISO-2022-CN-EXT plugin. By sending specially crafted input, an attacker could exploit this vulnerability to overwrite critical data structures and execute arbitrary code on the system or cause the application to crash.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 8.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-33599
DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests. By sending a subsequent client request, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
CWE: CWE-121: Stack-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 7.6
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-33600
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference when the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache. A remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-6345
DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the package_index module. By persuading a victim to click a specially crafted URL, an attacker could exploit this vulnerability using its download functions to inject and execute arbitrary code on the system.
CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source: IBM X-Force
CVSS Base score: 8.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-40897
DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular expression, an remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-6597
DESCRIPTION: CPython could allow a local attacker to bypass security restrictions, caused by a flaw in the tempfile.TemporaryDirectory class in python3/cpython3. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
CWE: CWE-61: UNIX Symbolic Link (Symlink) Following
CVSS Source: CNA
CVSS Base score: 7.8
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)
CVEID: CVE-2023-27043
DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a parsing flaw in the email.utils.parsaddr() and email.utils.getaddresses() functions. By sending a specially-crafted e-mail addresses with a special character, an attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2024-0450
DESCRIPTION: Python CPython is vulnerable to a denial of service, caused by improper input validation by the zipfile module. By persuading a victim to open a specially crafted ZIP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-405: Asymmetric Resource Consumption (Amplification)
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-0727
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause the application to crash.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 3.1
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-49083
DESCRIPTION: Cryptography package for Python is vulnerable to a denial of service, caused by a NULL pointer dereference when loading PKCS7 certificates. By deserializing a specially crafted PKCS7 blob/certificate, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-50782
DESCRIPTION: Python Cryptographic Authority cryptography could allow a remote attacker to obtain sensitive information, caused by a flaw when decrypting captured messages in TLS servers that use RSA key exchanges. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE: CWE-208: Observable Timing Discrepancy
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-34069
DESCRIPTION: Pallets Werkzeug could allow a remote attacker to execute arbitrary code on the system, caused by improper usage of a pathname and improper CSRF protection in the debugger. By persuading a victim to interact with a domain and subdomain they control, enter the debugger PIN and guess a URL in the developer's application that will trigger the debugger, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-352: Cross-Site Request Forgery (CSRF)
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-52425
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted request using an overly large token, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-43618
DESCRIPTION: GNU Multiple Precision Arithmetic Library (GMP) is vulnerable to a denial of service, caused by an mpz/inp_raw.c integer overflow and resultant buffer overflow. By sending specially crafted input, a remote attacker could exploit this vulnerability to cause a segmentation fault on 32-bit platforms.
CWE: CWE-754: Improper Check for Unusual or Exceptional Conditions
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-28487
DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain sensitive information, caused by improper escaping terminal control characters by the "sudoreplay -l" command. By sending specially crafted terminal control commands, an attacker could exploit this vulnerability to obtain restricted information information, and use this information to launch further attacks against the affected system.
CWE: CWE-117: Improper Output Neutralization for Logs
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2023-4807
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC (message authentication code) implementation, when running on newer X86_64 processors supporting the AVX512-IFMA instructions. A local authenticated attacker could exploit this vulnerability to cause an incorrect result of some application dependent calculations or a crash or in some cases gain complete control of the application process.
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source: IBM X-Force
CVSS Base score: 7.8
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-28486
DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain sensitive information, caused by improper escaping terminal control characters during logging operations. By sending specially crafted terminal control commands, an attacker could exploit this vulnerability to obtain restricted information information, and use this information to launch further attacks against the affected system.
CWE: CWE-117: Improper Output Neutralization for Logs
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2023-42465
DESCRIPTION: Sudo Project Sudo could allow a remote attacker to bypass security restrictions, caused by a fault injection flaw in the stack/register variables. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CWE: CWE-287: Improper Authentication
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-39689
DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An attacker could exploit this vulnerability to launch further attacks on the system.
CWE: CWE-345: Insufficient Verification of Data Authenticity
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-2953
DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ber_memalloc_x() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-37370
DESCRIPTION: MIT Kerberos 5 (aka krb5) could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request to modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, an attacker could exploit this vulnerability to cause the unwrapped token to appear truncated to the application.
CWE: CWE-1220: Insufficient Granularity of Access Control
CVSS Source: IBM X-Force
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVEID: CVE-2024-26461
DESCRIPTION: Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-37371
DESCRIPTION: MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by an invalid memory reads during GSS message token handling. By sending specially crafted message tokens, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26458
DESCRIPTION: Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-28322
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.. By sending a specially crafted request, an attacker could exploit this vulnerability to cause application to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
CWE: CWE-440: Expected Behavior Violation
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2023-38546
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the curl_easy_duphandle function if a transfer has cookies enabled when the handle is duplicated. By sending a specially crafted request, an attacker could exploit this vulnerability to insert cookies at will into a running program.
CWE: CWE-73: External Control of File Name or Path
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2024-2398
DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially crafted PUSH_PROMISE frames with an excessive amount of headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-46218
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a mixed case flaw when curl is built without PSL support. By sending a specially crafted request, an attacker could exploit this vulnerability to allow a HTTP server to set "super cookies" in curl.
CWE: CWE-201: Insertion of Sensitive Information Into Sent Data
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2021-35937
DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to gain elevated privileges on the system, caused by a TOCTOU race in checks for unsafe symlinks. An attacker could exploit this vulnerability to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501 and gain root privileges on the system.
CWE: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVSS Source: IBM X-Force
CVSS Base score: 6.3
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-35939
DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to perform checks for unsafe symlinks for intermediary directories. An attacker could exploit this vulnerability to gain root privileges on the system.
CWE: CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-35938
DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to gain elevated privileges on the system, caused by a symbolic link when setting the desired permissions and credentials after installing a file. An attacker could exploit this vulnerability to exchange the original file with a symbolic link to a security-critical file and gain elevated privileges on the system.
CWE: CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-3651
DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encode() function and consume system resources.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-0553
DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information. By perform a timing side-channel attack in the RSA-PSK key exchange, a remote attacker could exploit this vulnerability to obtain sensitive information.
CWE: CWE-203: Observable Discrepancy
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-28834
DESCRIPTION: GnuTLS could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the ECDSA code. By utilize Minerva attack techniques, an attacker could exploit this vulnerability to obtain private key information, and use this information to launch further attacks against the affected system.
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-6004
DESCRIPTION: libssh could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the ProxyCommand handling. By sending a specially crafted request using hostname in expanded proxycommand, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CWE: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS Source: IBM X-Force
CVSS Base score: 4.8
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2023-48795
DESCRIPTION: OpenSSH could allow a remote attacker to bypass security restrictions, caused by a flaw in the SSH Binary Packet Protocol (BPP). By sending a specially crafted request, an attacker could exploit this vulnerability to bypass integrity checks such that some packets are omitted, and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled.
CWE: CWE-222: Truncation of Security-relevant Information
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-6918
DESCRIPTION: libssh is vulnerable to a denial of service, caused by an unchecked return value flaw for the abstract layer for message digest (MD) operations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-252: Unchecked Return Value
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-7008
DESCRIPTION: systemd is vulnerable to a man-in-the-middle attack, caused by a flaw with able to accept records of DNSSEC-signed domains even when they have no signature. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to manipulate records.
CWE: CWE-300: Channel Accessible by Non-Endpoint
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-35195
DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation vulnerability. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification. An attacker could exploit this vulnerability to launch further attacks on the system.
CWE: CWE-670: Always-Incorrect Control Flow Implementation
CVSS Source: IBM X-Force
CVSS Base score: 5.6
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N)
CVEID: CVE-2024-25062
DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by a use-after-free in xmlValidatePopElement(). By using XMLReader API, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-7104
DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in ext/session/sqlite3session.c. By sending a specially crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CWE: CWE-122: Heap-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2023-4693
DESCRIPTION: GNU grub2 could allow a physical to obtain sensitive information, caused by an out-of-bounds read flaw in grub-core/fs/ntfs.c. By using a specially crafted NTFS file system image, an attacker could exploit this vulnerability to read arbitrary memory locations, and use this information to launch further attacks against the affected system.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: CVE.org
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2024-1048
DESCRIPTION: GNU GRUB2 is vulnerable to a denial of service, caused by a flaw with temporary file not removed in the grub2-set-bootflag utility. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to fill the filesystem with temporary files, and results in a denial of service condition.
CWE: CWE-459: Incomplete Cleanup
CVSS Source: IBM X-Force
CVSS Base score: 3.3
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-4692
DESCRIPTION: GNU grub2 could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw when parsing the $ATTRIBUTE_LIST attribute. By using a specially crafted NTFS filesystem image, an attacker could exploit this vulnerability to execute arbitrary code and secure boot protection bypass.
CWE: CWE-122: Heap-based Buffer Overflow
CVSS Source: CVE.org
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2024-34064
DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys containing non-attribute characters by the `xmlattr` filter. A remote attacker could exploit this vulnerability to inject other attributes into a Web page which would be executed in a victims Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source: IBM X-Force
CVSS Base score: 5.4
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
CVEID: CVE-2024-28182
DESCRIPTION: nghttp2 is vulnerable to a denial of service, caused by a flaw with keep reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause excessive CPU usage, and results in a denial of service condition.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-37891
DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header during cross-origin redirects. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information.
CWE: CWE-669: Incorrect Resource Transfer Between Spheres
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-22365
DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by a flaw in pam_namespace.so. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 4
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-43824
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to the use of cached 'epc_features' in pci_epf_test_core_init(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-43833
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in adding ancillary links In v4l2_async_create_ancillary_links(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36960
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an invalid read in fence signaled events. A local authenticated attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 7.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
CVEID: CVE-2024-43832
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to calling folio_wait_writeback() without a folio reference. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-43858
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an array-index-out-of-bounds in diFree. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-43857
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference when checking end of zone. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38809
DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted HTTP request containing ETags from "If-Match" or "If-None-Match" request headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1333: Inefficient Regular Expression Complexity
CVSS Source: GitHub, Inc.
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-5752
DESCRIPTION: Python Packaging Authority pip could allow a local authenticated attacker to bypass security restrictions, caused by a flaw when installing a package from a Mercurial VCS URL. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject arbitrary configuration options to the "hg clone" call to modify how and which repository is installed.
CWE: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2021-46939
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the ring buffer recursion detection. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-833: Deadlock
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47018
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw related to the definition of the fixmap area. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47257
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in parse dev addr. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47284
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the nj_setup function in netjet.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-590: Free of Memory not on the Heap
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47304
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak flaw in the tcp_init_transfer() function due to not reset icsk_ca_initialized. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47373
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a VPE leak on error In its_vpe_irq_domain_alloc. An attacker could exploit this vulnerability to obtain sensitive information.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2021-47408
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw related to serialize hash resizes and cleanups. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-667: Improper Locking
CVSS Source: IBM X-Force
CVSS Base score: 4.7
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47461
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition between writeprotect and exit_mmap(). By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 7
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-47468
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw with sleeping function called from invalid context. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47491
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause collapse in read-only THP for filesystems.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47548
DESCRIPTION: Linux Kernel could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an array overflow in hns_dsaf_ge_srst_by_port(). By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-129: Improper Validation of Array Index
CVSS Source: IBM X-Force
CVSS Base score: 6
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2021-47579
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw with cgroup2 filesystem returns from mkdir without instantiating the new dentry. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-457: Use of Uninitialized Variable
CVSS Source: IBM X-Force
CVSS Base score: 4.1
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-47624
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by reference count leaks in rpc_sysfs_xprt_state_change. An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 3.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-48632
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow in mlxbf_i2c_smbus_start_transaction(). An attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-122: Heap-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-48743
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a skb data length underflow. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-48747
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a wrong offset flaw in the bio_truncate() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-48757
DESCRIPTION: Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by incorrect default permissions in netdevice.h. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CWE: CWE-276: Incorrect Default Permissions
CVSS Source: IBM X-Force
CVSS Base score: 3.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2023-28746
DESCRIPTION: Xen could allow a local attacker to obtain sensitive information, caused by an error related to RFDS, Register File Data Sampling. An attacker could exploit this vulnerability to infer data from the register files.
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2023-52451
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to access beyond end of drmem array. A local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52463
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by force RO when remounting if SetVariable is not supported. A local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52469
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in kv_parse_power_table. A local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52471
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in ice_ptp.c. A local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52486
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a deadlock issue due to unref the same fb many times. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-833: Deadlock
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52530
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by use-after-free in ieee80211_key_link in mac80211. By sending a specially crafted request, a local attacker could exploit this vulnerability to a denial of service condition.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52619
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error when setting number of cpus to an odd number. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52622
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when online resize an ext4 filesystem with a oversized flexbg_size. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-131: Incorrect Calculation of Buffer Size
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52623
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition related to RCU usage. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52648
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw related to unreferencing the plane state surface. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52653
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the gss_import_v2_context function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52658
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw related to switchdev mode with ns inconsistency. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-130: Improper Handling of Length Parameter Inconsistency
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52662
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the vmw_gmrid_man_get_node function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52679
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double free flaw in the of_parse_phandle_with_args_map function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-415: Double Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52707
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the ep_remove_wait_queue() function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 7
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-52730
DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can not release the resources, because the sdio function is not presented in these two cases, it won't call of_node_put() or put_device().
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52762
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow on virtio_max_dma_size. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-121: Stack-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52764
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a shift-out-of-bounds in set_flicker. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52775
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a data corruption issue during testing of SMC-R on Redis applications. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52777
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to gtk offload status event locking. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.2
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2023-52784
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the bond_setup_by_slave() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52791
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an incomplete cleanup in the i2c module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-459: Incomplete Cleanup
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52796
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow in the ipvlan module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-121: Stack-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52803
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in dget_parent. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52811
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw ibmvfc_get_event() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52832
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in the ieee80211_get_tx_power() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-190: Integer Overflow or Wraparound
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52834
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an DMA RX overflow issue. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52845
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to changing nla_policy for bearer-related names to NLA_NUL_STRING. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52847
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to btv->timeout timer. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.2
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2023-52756
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double shift flaw. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-52864
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory corruption flaw in the wmi_char_open() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-21823
DESCRIPTION: Intel DSA and IAA are vulnerable to a denial of service, caused by a hardware logic with insecure de-synchronization. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels
CVSS Source: IBM X-Force
CVSS Base score: 6.4
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H)
CVEID: CVE-2024-2201
DESCRIPTION: XenSource Xen could allow a local attacker to obtain sensitive information, caused by a new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution. By speculatively jumping to a chosen gadget, an attacker could exploit this vulnerability to read arbitrary privileged data or system registry values.
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source: IBM X-Force
CVSS Base score: 7.1
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2024-25739
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper check for unusual or exceptional conditions in the create_empty_lvol function in the drivers/mtd/ubi/vtbl.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-754: Improper Check for Unusual or Exceptional Conditions
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26586
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a stack corruption in mlxsw: spectrum_acl_tcam. A local attacker could exploit this vulnerability to cause a kernel panic.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26614
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to making sure init the accept_queue's spinlocks once. A local attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26640
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the lack of sanity checks to rx zerocopy. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26660
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds access flaw in the stream_enc_regs array within DCN301. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-125: Out-of-bounds Read
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26669
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a chain template offload flaw in net/sched. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 7.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
CVEID: CVE-2024-26686
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a hard lockup flaw in the lock_task_sighand() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-413: Improper Resource Locking
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26698
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition between netvsc_probe and netvsc_remove functions. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 4.1
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26704
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double free of blocks due to wrong extents moved_len in the ext4_move_extents() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-415: Double Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26733
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a heap-based buffer overflow in arp_req_get(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-122: Heap-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26740
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a deadlock flaw when reverse flow of traffic with the redirect (egress -> ingress). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-833: Deadlock
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26772
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw with allocating blocks from corrupted group in ext4_mb_find_by_goal() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-229: Improper Handling of Values
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26802
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to clear variable when destroying workqueue. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26810
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition when mask operations through config space changes to DisINTx. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26837
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition between generation of the list of MDB events to replay with the creation of new group memberships. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26840
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a memory leak in the cachefiles_add_cache() function. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-26843
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a stack-based buffer overflow in soft-reserved region size md_size. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CWE: CWE-121: Stack-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 6
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)
CVEID: CVE-2024-26852
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the ip6_route_mpath_notify() function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 7
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-26853
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in Igc. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26870
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a nfs4_listxattr kernel BUG at mm/usercopy.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26878
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to a denial of service condition.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26921
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a buffer underflow when skb fragments reassembled via netfilter or similar
modules. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-124: Buffer Underwrite ('Buffer Underflow')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26925
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-667: Improper Locking
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26960
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition between free_swap_and_cache() and swapoff() in 'mm: swap'. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-27065
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the table flag updates, in the netfilter: nf_tables module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 4.7
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-27388
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak flaw in the gssx_dec_option_array. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-27395
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the ovs_ct_exit function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-27434
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw relate to setting the MFP flag for the GTK. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-31076
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a vector leak during CPU offline. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: Red Hat
CVSS Base score: 5.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L)
CVEID: CVE-2024-33621
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw with using skb->sk in ipvlan_process_v{4,6}_outbound. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 4.4
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35790
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the DisplayPort driver. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35801
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35807
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35810
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when manage the lifetime of the buffer objects held by the vmw_plane_state. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-416: Use After Free
CVSS Source: Red Hat
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35814
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double-allocation of slots due to broken alignment handling. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35823
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a unicode buffer corruption when deleting characters. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35824
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw related to regulators getting en-/dis-abled twice on suspend/resume. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35847
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double free flaw in the error handling path in its_vpe_irq_domain_alloc(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-415: Double Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35893
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a kernel-infoleak in the tcf_skbmod_dump() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35896
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper input validation for length in BPF module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35897
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw with discard table flag update with pending basechain deletion. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: Red Hat
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35899
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition between exit_net and the destroy workqueue. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35900
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when trying to unregister and already unregistered chain. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35910
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw with improperly terminate timers for kernel sockets. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source: IBM X-Force
CVSS Base score: 6.6
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-35912
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a response leaks when the rx payload length check fails, or if kmemdup() fails. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: Red Hat
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35924
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by buffer overflow when reading for UCSI 1.2. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35925
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a division by zero flaw in blk_rq_stat_sum(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-369: Divide By Zero
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35930
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in lpfc_rcv_padisc(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35937
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by improper validation of the A-MSDU format. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: Red Hat
CVSS Base score: 5.8
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-35938
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a page allocation failure in wifi: ath11k. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35946
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a null pointer access when abort scan. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35952
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a soft lockup error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36000
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to missing hugetlb_lock for resv uncharge. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36005
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to netfilter: nf_tables: honor table dormant flag from netdev release event path. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36006
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to spectrum_acl_tcam. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36886
DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when processing fragmented TIPC messages. By sending a specially crafted request, an attacker could exploit this vulnerability to execute code in the context of the kernel.
CWE: CWE-416: Use After Free
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-36889
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to ensure snd_nxt is properly initialized on connect. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-476: NULL Pointer Dereference
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26773
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to llsec key resources release in mac802154_llsec_key_del. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-229: Improper Handling of Values
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-45490
DESCRIPTION: libexpat could provide weaker than expected security, caused by not reject a negative length for XML_ParseBuffer. A local attacker could exploit this vulnerability to launch further attacks on the system.
CWE: CWE-190: Integer Overflow or Wraparound
CVSS Source: NVD
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-45491
DESCRIPTION: libexpat could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the dtdCopy function in xmlparse.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-190: Integer Overflow or Wraparound
CVSS Source: CISA ADP
CVSS Base score: 7.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-45492
DESCRIPTION: libexpat could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the nextScaffoldPart function in xmlparse.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-190: Integer Overflow or Wraparound
CVSS Source: CISA ADP
CVSS Base score: 7.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-38286
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of the TLS handshake process under certain configurations. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause an OutOfMemoryError resulting in a denial of service.
CWE: CWE-789: Memory Allocation with Excessive Size Value
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Affected Product(s) | Version(s) |
IBM QRadar SIEM | 7.5 - 7.5.0 UP10 |
Remediation/Fixes
IBM strongly encourages customers to update their systems promptly.
Product | Version | Fix |
IBM QRadar SIEM | 7.5.0 | 7.5.0 UP10 IF01 |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
Change History
01 Nov 2024: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
01 November 2024
UID
ibm17174634