CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
The vulnerability of the nft_set_rbtree function (net/netfilter/nft_set_rbtree.c) of the Netfilter component of the Linux operating system is related to the operation exceeding the memory buffer boundaries.
component of the Netfilter component of the Linux operating system is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could
allow an attacker acting remotely to execute arbitrary code
Vulnerability of the init_smb2_rsp_hdr() function of the ksmbd module of the kernel of Linux operating systems is related to an operation exceeding the buffer boundaries in memory when an intruder acts remotely.
operation outside the buffer boundaries in memory when processing the need_neg parameter with the value false. Exploitation
exploitation of the vulnerability may allow a remote intruder to affect the confidentiality of protected information.
protected information
A vulnerability in the smb2_parse_contexts() function in the fs/smb/client/smb2pdu.c module of the SMB client SMB kernel of the Linux operating system is related to reading memory behind the need_neg parameter.
Linux kernel SMB client is related to reading memory outside the allocated buffer. Exploitation of the vulnerability could
allow an attacker acting remotely to gain access to protected information or cause a denial of
denial of service
A vulnerability in the f2fs file system of the Linux operating system kernel is related to the use of an uninitialized buffer.
uninitialized buffer. Exploitation of the vulnerability could allow an attacker to impact the
confidentiality, integrity and availability of protected information
Vulnerability of the binder_alloc_free_page() function in the drivers/android/binder_alloc.c module of the driver
drivers/android/binder of the Linux kernel is related to the use of memory after its
freeing due to competitive access to a resource (race condition). Exploitation of the vulnerability could
allow an attacker to impact the confidentiality, integrity and availability of protected
information
Vulnerability of the uio_open() function in the drivers/uio/uio.c module of the uio driver of the Linux operating system kernel
is related to memory usage after its release due to competitive access to a resource (race condition).
race condition). Exploitation of the vulnerability could allow an attacker to impact the confidentiality,
integrity and availability of protected information
Vulnerability of the nft_set_rbtree() function of the Netfilter subsystem of the Linux operating systems kernel is related to
using a resource after its expiration date when processing new items. Exploitation
The exploitation of the vulnerability could allow an attacker to cause a denial of service
Vulnerability of smb2_get_ksmbd_tcon() and smb2_check_user_session() functions of Linux kernel is related to incorrect neutralization of special items.
is related to incorrect neutralization of special elements in the logic of data request when processing
id and tree id parameters. Exploitation of the vulnerability could allow an attacker acting remotely,
escalate their privileges
Vulnerability of the tls_decrypt_done function (net/tls/tls_sw.c) of the Linux operating system kernel is associated with
memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to cause a
denial of service
Vulnerability in the skb_segment function of the Net component of the Linux operating system kernel is related to improper
cleanup or release of resources. Exploitation of the vulnerability could allow an attacker to cause a denial of service
denial of service
Vulnerability of the ksmbd_decode_ntlmssp_auth_blob() function of the ksmbd module of the kernel of Linux operating systems is related to
with buffer copying without checking the input data size when processing the parameter
authblob->SessionKey.Length. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
remotely to execute arbitrary code
Vulnerability of crypto_aead_encrypt and crypto_aead_decrypt functions of the Linux kernel is related to
returning an invalid status code. Exploitation of the vulnerability could allow an attacker to cause a denial of
denial of service