Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-4911

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-03 Oct, 2023 | 17:25
Updated At-14 Jul, 2026 | 11:59
Rejected At-
Credits

GNU C Library Buffer Overflow Vulnerability

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
GNUGNU
Product:GNU C Library
Added At:21 Nov, 2023
Due At:12 Dec, 2023

GNU C Library Buffer Overflow Vulnerability

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

Used in Ransomware

:

Unknown

CWE

:
CWE-122

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes:

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa, https://access.redhat.com/security/cve/cve-2023-4911, https://www.debian.org/security/2023/dsa-5514 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4911
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:03 Oct, 2023 | 17:25
Updated At:14 Jul, 2026 | 11:59
Rejected At:
▼CVE Numbering Authority (CNA)
Glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Affected Products
Collection URL
https://sourceware.org/git/glibc.git
Package Name
glibc
Default Status
unaffected
Versions
Affected
  • From 2.34 before 2.39 (custom)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
  • cpe:/o:redhat:enterprise_linux:8::baseos
  • cpe:/a:redhat:enterprise_linux:8::crb
Default Status
affected
Versions
Unaffected
  • From 0:2.28-225.el8_8.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
  • cpe:/o:redhat:enterprise_linux:8::baseos
  • cpe:/a:redhat:enterprise_linux:8::crb
Default Status
affected
Versions
Unaffected
  • From 0:2.28-225.el8_8.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.6 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/o:redhat:rhel_eus:8.6::baseos
  • cpe:/a:redhat:rhel_eus:8.6::appstream
  • cpe:/o:redhat:rhev_hypervisor:4.4::el8
  • cpe:/a:redhat:rhel_eus:8.6::crb
Default Status
affected
Versions
Unaffected
  • From 0:2.28-189.6.el8_6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/a:redhat:enterprise_linux:9::crb
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:2.34-60.el9_2.7 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/a:redhat:enterprise_linux:9::crb
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:2.34-60.el9_2.7 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.0 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/a:redhat:rhel_eus:9.0::appstream
  • cpe:/o:redhat:rhel_eus:9.0::baseos
  • cpe:/a:redhat:rhel_eus:9.0::crb
Default Status
affected
Versions
Unaffected
  • From 0:2.34-28.el9_0.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/o:redhat:rhel_eus:8.6::baseos
  • cpe:/a:redhat:rhel_eus:8.6::appstream
  • cpe:/o:redhat:rhev_hypervisor:4.4::el8
  • cpe:/a:redhat:rhel_eus:8.6::crb
Default Status
affected
Versions
Unaffected
  • From 0:2.28-189.6.el8_6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
redhat-release-virtualization-host
CPEs
  • cpe:/o:redhat:rhev_hypervisor:4.4::el8
Default Status
affected
Versions
Unaffected
  • From 0:4.5.3-10.el8ev before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
redhat-virtualization-host
CPEs
  • cpe:/o:redhat:rhev_hypervisor:4.4::el8
Default Status
affected
Versions
Unaffected
  • From 0:4.5.3-202312060823_8.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
compat-glibc
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glibc
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-122Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

For customers who cannot update immediately and do not have Secure Boot feature enabled, the issue can be mitigated using the provided SystemTap script with the following steps. When enabled, any setuid program invoked with GLIBC_TUNABLES in the environment will be terminated immediately. To invoke the setuid program, users will then have to unset or clear the GLIBC_TUNABLES envvar, e.g. `GLIBC_TUNABLES= sudo` . Note that these mitigation steps will need to be repeated if the system is rebooted. 1) Install required systemtap packages and dependencies as per - https://access.redhat.com/solutions/5441 2) Create the following systemtap script, and name it stap_block_suid_tunables.stp: ~~~ function has_tunable_string:long() { name = "GLIBC_TUNABLES" mm = @task(task_current())->mm; if (mm) { env_start = @mm(mm)->env_start; env_end = @mm(mm)->env_end; if (env_start != 0 && env_end != 0) while (env_end > env_start) { cur = user_string(env_start, ""); env_name = tokenize(cur, "="); if (env_name == name && tokenize("", "") != "") return 1; env_start += strlen (cur) + 1 } } return 0; } probe process("/lib*/ld*.so*").function("__tunables_init") { atsecure = 0; /* Skip processing if we can't read __libc_enable_secure, e.g. core dump handler (systemd-cgroups-agent and systemd-coredump). */ try { atsecure = @var("__libc_enable_secure"); } catch { printk (4, sprintf ("CVE-2023-4911: Skipped check: %s (%d)", execname(), pid())); } if (atsecure && has_tunable_string ()) raise (9); } ~~~ 3) Load the systemtap module into the running kernel: ~~~ stap -g -F -m stap_block_suid_tunables stap_block_suid_tunables.stp ~~~ 4) Ensure the module is loaded: ~~~ lsmod | grep -i stap_block_suid_tunables stap_block_suid_tunables 249856 0 ~~~ 5) Once the glibc package is updated to the version containing the fix, the systemtap generated kernel module can be removed by running: ~~~ rmmod stap_block_suid_tunables ~~~ If Secure Boot is enabled on a system, the SystemTap module must be signed. An external compiling server can be used to sign the generated kernel module with a key enrolled into the kernel's keyring or starting with SystemTap 4.7 you can sign a module without a compile server. See further information here - https://www.redhat.com/sysadmin/secure-boot-systemtap

Exploits

Credits

Red Hat would like to thank Qualys Research Labs for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2023-09-04 00:00:00
Made public.2023-10-03 17:00:00
Event: Reported to Red Hat.
Date: 2023-09-04 00:00:00
Event: Made public.
Date: 2023-10-03 17:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2023:5453
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:5454
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:5455
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:5476
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0033
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-4911
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
issue-tracking
x_refsource_REDHAT
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
N/A
https://www.qualys.com/cve-2023-4911/
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5453
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5454
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5455
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5476
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0033
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-4911
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2238352
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
Resource: N/A
Hyperlink: https://www.qualys.com/cve-2023-4911/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.exploit-db.com/exploits/52479
N/A
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
x_transferred
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/11
x_transferred
http://www.openwall.com/lists/oss-security/2023/10/03/2
x_transferred
http://www.openwall.com/lists/oss-security/2023/10/03/3
x_transferred
http://www.openwall.com/lists/oss-security/2023/10/05/1
x_transferred
http://www.openwall.com/lists/oss-security/2023/10/13/11
x_transferred
http://www.openwall.com/lists/oss-security/2023/10/14/3
x_transferred
http://www.openwall.com/lists/oss-security/2023/10/14/5
x_transferred
http://www.openwall.com/lists/oss-security/2023/10/14/6
x_transferred
https://access.redhat.com/errata/RHSA-2023:5453
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:5454
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:5455
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:5476
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0033
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/security/cve/CVE-2023-4911
vdb-entry
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
issue-tracking
x_refsource_REDHAT
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
x_transferred
https://security.gentoo.org/glsa/202310-03
x_transferred
https://security.netapp.com/advisory/ntap-20231013-0006/
x_transferred
https://www.debian.org/security/2023/dsa-5514
x_transferred
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
x_transferred
https://www.qualys.com/cve-2023-4911/
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/52479
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
Resource:
x_transferred
Hyperlink: http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/11
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/03/2
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/03/3
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/05/1
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/13/11
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/14/3
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/14/5
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/14/6
Resource:
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5453
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5454
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5455
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5476
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0033
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-4911
Resource:
vdb-entry
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2238352
Resource:
issue-tracking
x_refsource_REDHAT
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202310-03
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20231013-0006/
Resource:
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5514
Resource:
x_transferred
Hyperlink: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
Resource:
x_transferred
Hyperlink: https://www.qualys.com/cve-2023-4911/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
kev
dateAdded:
2023-11-21
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
CVE-2023-4911 added to CISA KEV2023-11-21 00:00:00
Event: CVE-2023-4911 added to CISA KEV
Date: 2023-11-21 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911
Resource:
government-resource
3.
Affected Products
Vendor
Siemens AGSiemens
Product
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Default Status
unknown
Versions
Affected
  • From V3.1.5 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Default Status
unknown
Versions
Affected
  • From V3.1.5 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Default Status
unknown
Versions
Affected
  • From V3.1.5 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Default Status
unknown
Versions
Affected
  • From V3.1.5 before * (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP
Default Status
unknown
Versions
Affected
  • From V3.1.5 before * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-831302.html
N/A
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
N/A
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-831302.html
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-794697.html
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:03 Oct, 2023 | 18:15
Updated At:12 May, 2026 | 11:16

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2023-11-212023-12-12GNU C Library Buffer Overflow VulnerabilityApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2023-11-21
Due Date: 2023-12-12
Vulnerability Name: GNU C Library Buffer Overflow Vulnerability
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

NetApp, Inc.
netapp
>>bootstrap_os>>-
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>hci_compute_node>>-
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
GNU
gnu
>>glibc>>Versions from 2.34(inclusive) to 2.39(exclusive)
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>39
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder>>9.0
cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_eus>>8.6
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_eus>>9.2
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_eus>>9.4
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_eus>>9.6
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_arm64>>9.0_aarch64
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_arm64_eus>>8.6
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_arm64_eus>>9.2_aarch64
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_arm64_eus>>9.4_aarch64
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_arm64_eus>>9.6_aarch64
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_ibm_z_systems>>9.0_s390x
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_ibm_z_systems_eus>>8.6
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_ibm_z_systems_eus>>9.2_s390x
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_ibm_z_systems_eus>>9.4_s390x
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_ibm_z_systems_eus>>9.6_s390x
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_power_little_endian>>9.0_ppc64le
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_power_little_endian_eus>>8.6
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_power_little_endian_eus>>9.2_ppc64le
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_power_little_endian_eus>>9.4_ppc64le
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_power_little_endian_eus>>9.6_ppc64le
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>virtualization>>4.0
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>virtualization_host>>4.0
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>8.6
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>9.2
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>9.4
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>9.6
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_arm_64>>9.0_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_arm_64_eus>>8.6_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_arm_64_eus>>9.2_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_arm_64_eus>>9.4_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_arm_64_eus>>9.6_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_ibm_z_systems>>9.0_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_ibm_z_systems_eus>>9.2_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_ibm_z_systems_eus>>9.4_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_ibm_z_systems_eus>>9.6_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_ibm_z_systems_eus_s390x>>8.6
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_power_big_endian_eus>>8.6_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_power_little_endian>>9.0_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_power_little_endian_eus>>9.2_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_power_little_endian_eus>>9.4_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_power_little_endian_eus>>9.6_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>8.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondarysecalert@redhat.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-122
Type: Secondary
Source: secalert@redhat.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2023:5453secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5454secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5476secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0033secalert@redhat.com
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4911secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2238352secalert@redhat.com
Issue Tracking
Patch
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txtsecalert@redhat.com
Exploit
Third Party Advisory
https://www.qualys.com/cve-2023-4911/secalert@redhat.com
Third Party Advisory
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Oct/11af854a3a-2127-422b-91ae-364da2661108
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/2af854a3a-2127-422b-91ae-364da2661108
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/03/3af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/05/1af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/13/11af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/3af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/5af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/6af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://access.redhat.com/errata/RHSA-2023:5453af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5454af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5476af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0033af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4911af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2238352af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://security.gentoo.org/glsa/202310-03af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231013-0006/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2023/dsa-5514af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://www.exploit-db.com/exploits/52479af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.qualys.com/cve-2023-4911/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
N/A
https://cert-portal.siemens.com/productcert/html/ssa-794697.html0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
N/A
https://cert-portal.siemens.com/productcert/html/ssa-831302.html0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
N/A
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5453
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5454
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5455
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5476
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0033
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-4911
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2238352
Source: secalert@redhat.com
Resource:
Issue Tracking
Patch
Hyperlink: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
Source: secalert@redhat.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.qualys.com/cve-2023-4911/
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/03/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/03/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/05/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/13/11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/14/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/14/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/14/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5453
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5454
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5455
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:5476
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0033
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-4911
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2238352
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://security.gentoo.org/glsa/202310-03
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20231013-0006/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5514
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://www.exploit-db.com/exploits/52479
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.qualys.com/cve-2023-4911/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-794697.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-831302.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
Resource: N/A
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

4637Records found

CVE-2020-12653
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 35.26%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 04:47
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-a700s_firmwarecloud_backuph300s_firmwareh410c_firmwareh410sh610s_firmwareh300shci_compute_nodesteelstore_cloud_integrated_storageh300e_firmwareh610sh500ehci_management_nodeh500s_firmwareh500e_firmwarea700sh700ehci_compute_node_firmwareh610c_firmwareh610cleaph300eh500sh615c_firmwareactive_iq_unified_managerelement_softwaresolidfiredebian_linuxlinux_kernelh410s_firmwareh700s_firmwareh410ch700e_firmwareh615ch700sn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35001
Matching Score-10
Assigner-Canonical Ltd.
ShareView Details
Matching Score-10
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-1.51% / 71.56%
||
7 Day CHG~0.00%
Published-05 Jul, 2023 | 18:35
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

Action-Not Available
Vendor-Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxlinux_kernelh500sfedorah410sh410ch300sh700sLinux Kernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52669
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.18%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 14:01
Updated-11 May, 2026 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
crypto: s390/aes - Fix buffer overread in CTR mode

In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the actual length left and copy it into a buffer first for processing.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29491
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.92% / 56.38%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

Action-Not Available
Vendor-n/aGNU
Product-ncursesn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6246
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-4.79% / 90.94%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 14:06
Updated-14 Jul, 2026 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: heap-based buffer overflow in __vsyslog_internal()

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Action-Not Available
Vendor-n/aSiemens AGGNURed Hat, Inc.Fedora Project
Product-glibcfedoraglibcRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8FedoraSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS S7-1500 CPU 1518-4 PN/DP MFP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45417
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 39.11%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Action-Not Available
Vendor-advanced_intrusion_detection_environment_projectn/aCanonical Ltd.Red Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoravirtualization_hostenterprise_linuxovirt-nodeadvanced_intrusion_detection_environmentn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5436
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-49.74% / 98.77%
||
7 Day CHG~0.00%
Published-28 May, 2019 | 18:47
Updated-15 Apr, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxopenSUSEF5, Inc.NetApp, Inc.Fedora ProjectCURL
Product-debian_linuxhci_management_nodetraffix_signaling_delivery_controllersolidfireoss_support_toolsenterprise_manager_ops_centerlibcurlleapmysql_serversteelstore_cloud_integrated_storagefedoracurl
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-2598
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.37% / 68.86%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 00:00
Updated-23 Apr, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.
Product-linux_kernelhci_baseboard_management_controllerKernel
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25051
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 42.28%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:46
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNUFedora Project
Product-debian_linuxfedoraaspelln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2214
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.33% / 25.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 17:44
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-136210786References: Upstream kernel

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLC
Product-androidubuntu_linuxAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-5367
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.62% / 45.70%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 19:46
Updated-23 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Action-Not Available
Vendor-X.Org FoundationFedora ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_for_ibm_z_systemsdebian_linuxenterprise_linux_desktopenterprise_linuxenterprise_linux_workstationenterprise_linux_for_power_little_endianfedoraenterprise_linux_for_scientific_computingx_serverenterprise_linux_for_power_big_endianxwaylandenterprise_linux_serverRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.1 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Telecommunications Update Service
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-6318
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.75% / 50.73%
||
7 Day CHG~0.00%
Published-07 Sep, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.

Action-Not Available
Vendor-cracklib_projectn/aDebian GNU/LinuxopenSUSE
Product-leapdebian_linuxcracklibn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21255
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.19% / 9.33%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:33
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Debian GNU/LinuxGoogle LLC
Product-androiddebian_linuxAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18389
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 35.61%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Action-Not Available
Vendor-virglrenderer_projectn/aDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-virglrendererdebian_linuxleapenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-37576
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 43.62%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 21:35
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-fedoralinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5126
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.70% / 49.07%
||
7 Day CHG~0.00%
Published-01 Jun, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

Action-Not Available
Vendor-n/aCanonical Ltd.QEMUOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverqemuenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoplinuxenterprise_linux_server_ausenterprise_linux_eusopenstackvirtualizationenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8835
Matching Score-10
Assigner-Canonical Ltd.
ShareView Details
Matching Score-10
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-6.01% / 92.52%
||
7 Day CHG-0.05%
Published-02 Apr, 2020 | 18:00
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel bpf verifier vulnerability

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Action-Not Available
Vendor-Linux kernelNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxa700s_firmwarea320_firmwarecloud_backupa400_firmwarefas2720fas2720_firmwareh300s_firmwareh410sc190h610s_firmwareh300ssteelstore_cloud_integrated_storageh300e_firmwareh610s8700fas2750_firmwarefas2750h500ehci_management_nodefedorah500s_firmwareh500e_firmwarea700sa220h700e8700_firmwareh610c_firmwareh610ch300ea800h500sh615c_firmwarea3208300_firmwaresolidfire8300a800_firmwarelinux_kernela400h410s_firmwareh700s_firmwarec190_firmwarea220_firmwareh700e_firmwareh615ch700sLinux kernel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3612
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.69% / 48.58%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 10:33
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-n/aFedora ProjectRed Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-h300eh500scloud_backupenterprise_linuxh300s_firmwareh410c_firmwarecommunications_cloud_native_core_network_exposure_functionh410sh300scommunications_cloud_native_core_policysolidfire_baseboard_management_controllerh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwarecommunications_cloud_native_core_binding_support_functionh700eh410ch700e_firmwaresolidfire_baseboard_management_controller_firmwareh700skernel
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14816
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.98%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 18:25
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Action-Not Available
Vendor-NetApp, Inc.Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxa700s_firmwarea320_firmwareenterprise_linux_server_ausfas2720fas2720_firmwareh300s_firmwareh410sc190h610s_firmwareh300senterprise_linux_tussteelstore_cloud_integrated_storageh300e_firmwareh610sfas2750fas2750_firmwareh500ehci_management_nodefedorah500s_firmwareh500e_firmwareenterprise_linux_eusa700sa220h700sh700edata_availability_servicesleaph300ea800virtualizationh500sservice_processorenterprise_linuxenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusa320enterprise_linux_compute_node_eussolidfirea800_firmwaredebian_linuxlinux_kernelh410s_firmwareh700s_firmwarec190_firmwarea220_firmwareenterprise_linux_for_power_big_endian_eusenterprise_linux_server_tush700e_firmwareenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timemessaging_realtime_gridkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33909
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.73% / 94.98%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 18:01
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Action-Not Available
Vendor-n/aFedora ProjectSonicWall Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-debian_linuxlinux_kernelhci_management_nodefedorasma1000_firmwarecommunications_session_border_controllersma1000solidfiren/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-40579
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 3.49%
||
7 Day CHG-0.00%
Published-13 May, 2025 | 09:39
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-scalance_lpe9403scalance_lpe9403_firmwareSCALANCE LPE9403
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-39841
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.27%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 15:26
Updated-11 Jun, 2026 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
scsi: lpfc: Fix buffer free/clear order in deferred receive path

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/LinuxSiemens AG
Product-debian_linuxlinux_kernelLinuxSCALANCE XRH334 (24 V DC, 8xFO, CC)RUGGEDCOM RST2428PSCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (230 V AC, 12xFO)SCALANCE XRM334 (2x230 V AC, 12xFO)SCALANCE XCM332SCALANCE XCM324SCALANCE XCM328SCALANCE XRM334 (230 V AC, 8xFO)SCALANCE XCH328SCALANCE XRM334 (24 V DC, 8xFO)SCALANCE XRM334 (2x230 V AC, 8xFO)SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (24 V DC, 12xFO)SIMATIC CN 4100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-38415
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.82%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 13:32
Updated-18 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squashfs: check return result of sb_min_blocksize

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, issues an ioctl("/dev/loop0", LOOP_SET_BLOCK_SIZE, 0x8000). Now if this ioctl occurs at the same time another process is in the process of mounting a Squashfs filesystem on /dev/loop0, the failure occurs. When this happens the following code in squashfs_fill_super() fails. ---- msblk->devblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE); msblk->devblksize_log2 = ffz(~msblk->devblksize); ---- sb_min_blocksize() returns 0, which means msblk->devblksize is set to 0. As a result, ffz(~msblk->devblksize) returns 64, and msblk->devblksize_log2 is set to 64. This subsequently causes the UBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36 shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') This commit adds a check for a 0 return by sb_min_blocksize().

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-38456
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.15% / 5.08%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 15:27
Updated-11 May, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()

In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() The "intf" list iterator is an invalid pointer if the correct "intf->intf_num" is not found. Calling atomic_dec(&intf->nr_users) on and invalid pointer will lead to memory corruption. We don't really need to call atomic_dec() if we haven't called atomic_add_return() so update the if (intf->in_shutdown) path as well.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-39788
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.15% / 5.12%
||
7 Day CHG~0.00%
Published-11 Sep, 2025 | 16:56
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming the UTRL_NEXUS_TYPE incorrectly as 0. This is because the left hand side of the shift is 1, which is of type int, i.e. 31 bits wide. Shifting by more than that width results in undefined behaviour. Fix this by switching to the BIT() macro, which applies correct type casting as required. This ensures the correct value is written to UTRL_NEXUS_TYPE (0xffffffff on gs101), and it also fixes a UBSAN shift warning: UBSAN: shift-out-of-bounds in drivers/ufs/host/ufs-exynos.c:1113:21 shift exponent 32 is too large for 32-bit type 'int' For consistency, apply the same change to the nutmrs / UTMRL_NEXUS_TYPE write.

Action-Not Available
Vendor-Debian GNU/LinuxSiemens AGLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinuxSIMATIC CN 4100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-38702
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.17% / 7.05%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 15:32
Updated-14 Jul, 2026 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fbdev: fix potential buffer overflow in do_register_framebuffer()

In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access.

Action-Not Available
Vendor-Debian GNU/LinuxSiemens AGLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinuxSIMATIC CN 4100SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS S7-1500 CPU 1518-4 PN/DP MFP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-38538
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.40%
||
7 Day CHG+0.01%
Published-16 Aug, 2025 | 11:12
Updated-11 May, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dmaengine: nbpfaxi: Fix memory corruption in probe()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe() The nbpf->chan[] array is allocated earlier in the nbpf_probe() function and it has "num_channels" elements. These three loops iterate one element farther than they should and corrupt memory. The changes to the second loop are more involved. In this case, we're copying data from the irqbuf[] array into the nbpf->chan[] array. If the data in irqbuf[i] is the error IRQ then we skip it, so the iterators are not in sync. I added a check to ensure that we don't go beyond the end of the irqbuf[] array. I'm pretty sure this can't happen, but it seemed harmless to add a check. On the other hand, after the loop has ended there is a check to ensure that the "chan" iterator is where we expect it to be. In the original code we went one element beyond the end of the array so the iterator wasn't in the correct place and it would always return -EINVAL. However, now it will always be in the correct place. I deleted the check since we know the result.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-38401
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.49%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 12:53
Updated-11 May, 2026 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mtk-sd: Prevent memory corruption from DMA map failure

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdc_prepare_data() fails to map the DMA region, the request is not prepared for data receiving, but msdc_start_data() proceeds the DMA with previous setting. Since this will lead a memory corruption, we have to stop the request operation soon after the msdc_prepare_data() fails to prepare it.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-38183
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.15% / 5.08%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 13:37
Updated-11 May, 2026 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value is checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8). This seems correct and aligns with the PTP interrupt status register (PTP_INT_STS) specifications. However, lan743x_ptp_io_event_clock_get() writes to ptp->extts[] with only LAN743X_PTP_N_EXTTS(4) elements, using channel as an index: lan743x_ptp_io_event_clock_get(..., u8 channel,...) { ... /* Update Local timestamp */ extts = &ptp->extts[channel]; extts->ts.tv_sec = sec; ... } To avoid an out-of-bounds write and utilize all the supported GPIO inputs, set LAN743X_PTP_N_EXTTS to 8. Detected using the static analysis tool - Svace.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-37947
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.20% / 10.48%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 16:01
Updated-11 May, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ksmbd: prevent out-of-bounds stream writes by validating *pos

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-38226
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.27%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 13:37
Updated-23 May, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
media: vivid: Change the siize of the composing

In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 Write of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304 CPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline] vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629 vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> The composition size cannot be larger than the size of fmt_cap_rect. So execute v4l2_rect_map_inside() even if has_compose_cap == 0.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-37927
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.20% / 10.23%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 15:21
Updated-11 May, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn't take into account the lengths of individual hid and uid buffers so the check is insufficient in some cases. For example if the length of hid string is 4 and the length of the uid string is 260, the length of str will be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer which size is 256. The same applies to the hid string with length 13 and uid string with length 250. Check the length of hid and uid strings separately to prevent buffer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-37979
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.94%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 16:58
Updated-11 May, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASoC: qcom: Fix sc7280 lpass potential buffer overflow

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). Redefine LPASS_MAX_PORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-38068
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.38%
||
7 Day CHG~0.00%
Published-18 Jun, 2025 | 09:33
Updated-11 May, 2026 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
crypto: lzo - Fix compression buffer overrun

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller. Add a safe compression interface that checks for the end of buffer before each write. Use the safe interface in crypto/lzo.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47518
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 25.09%
||
7 Day CHG~0.00%
Published-18 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncNetApp, Inc.
Product-h410s_firmwareh500slinux_kernelh410sh700sh700s_firmwareh500s_firmwareh410cdebian_linuxh410c_firmwareh300s_firmwareh300sn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47519
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 21.71%
||
7 Day CHG~0.00%
Published-18 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncNetApp, Inc.
Product-h410s_firmwareh500slinux_kernelh410sh700sh700s_firmwareh500s_firmwareh410cdebian_linuxh410c_firmwareh300s_firmwareh300sn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33287
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.41% / 33.56%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 00:00
Updated-09 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-ntfs-3gdebian_linuxfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14814
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.74%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 18:27
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Action-Not Available
Vendor-openSUSECanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-ubuntu_linuxa700s_firmwarea320_firmwareenterprise_linux_server_ausfas2720fas2720_firmwareh300s_firmwareh410c_firmwareh410sc190h610s_firmwareh300ssteelstore_cloud_integrated_storageh300e_firmwareh610sfas2750fas2750_firmwareh500ehci_management_nodeh500s_firmwareh500e_firmwareenterprise_linux_eusa700sa220h700sh700edata_availability_servicesleaph300ea800h500sservice_processorenterprise_linuxenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusa320solidfirea800_firmwaredebian_linuxlinux_kernelh410s_firmwareh700s_firmwarec190_firmwarea220_firmwareh410centerprise_linux_server_tush700e_firmwareenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timemessaging_realtime_gridkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14815
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.49% / 38.82%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 10:51
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

Action-Not Available
Vendor-NetApp, Inc.Linux Kernel Organization, IncRed Hat, Inc.
Product-altavaultcodeready_linux_builder_for_power_little_endian_eusenterprise_linux_server_ausenterprise_linuxhcienterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusenterprise_linux_for_ibm_z_systems_\(structure_a\)solidfirebaseboard_management_controllerlinux_kernelenterprise_linux_for_ibm_z_systems_eussteelstoreenterprise_linux_server_tussolidfire_baseboard_management_controller_firmwareenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timecodeready_linux_builder_euskernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47521
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.67%
||
7 Day CHG~0.00%
Published-18 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncNetApp, Inc.
Product-h410s_firmwareh500slinux_kernelh410sh700sh700s_firmwareh500s_firmwareh410cdebian_linuxh410c_firmwareh300s_firmwareh300sn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33200
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 29.94%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 00:00
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-h300eh500scloud_backupsolidfire_\&_hci_management_nodeh300s_firmwareh410sh300ssolidfire_baseboard_management_controllerh300e_firmwarelinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh700e_firmwareh700sn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33285
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.41% / 33.71%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 00:00
Updated-03 Dec, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild.

Action-Not Available
Vendor-tuxeran/aFedora ProjectRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxntfs-3genterprise_linuxfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47039
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 33.55%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:30
Updated-20 Nov, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Perl: perl for windows binary hijacking vulnerability

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.

Action-Not Available
Vendor-perlRed Hat, Inc.Microsoft Corporation
Product-windowsperlRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3490
Matching Score-10
Assigner-Canonical Ltd.
ShareView Details
Matching Score-10
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-27.48% / 97.85%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 01:40
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel eBPF bitwise ops ALU32 bounds tracking

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

Action-Not Available
Vendor-Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelLinux kernel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-35269
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.48% / 38.12%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 00:00
Updated-09 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-ntfs-3gdebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26595
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.40% / 32.25%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 15:54
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg: xwayland: buffer overflow in xkbvmodmasktext()

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

Action-Not Available
Vendor-tigervncX.Org FoundationRed Hat, Inc.
Product-xwaylandtigervncx_serverenterprise_linuxRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26596
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.40% / 32.24%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 15:54
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg: xwayland: heap overflow in xkbwritekeysyms()

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

Action-Not Available
Vendor-tigervncX.Org FoundationRed Hat, Inc.
Product-xwaylandtigervncx_serverenterprise_linuxRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26598
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.15%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 15:54
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

Action-Not Available
Vendor-tigervncX.Org FoundationRed Hat, Inc.
Product-xwaylandtigervncx_serverenterprise_linuxRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3489
Matching Score-10
Assigner-Canonical Ltd.
ShareView Details
Matching Score-10
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.55% / 42.30%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 01:40
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel eBPF RINGBUF map oversized allocation

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).

Action-Not Available
Vendor-Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelLinux kernel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-0053
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.59% / 44.15%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:40
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.

Action-Not Available
Vendor-Debian GNU/LinuxJuniper Networks, Inc.
Product-junosdebian_linuxJunos OS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 92
  • 93
  • Next
Details not found