Search
Total
55 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33951 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 1 more | 2023-12-28 | N/A | 5.3 MEDIUM |
| A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. | |||||
| CVE-2023-34320 | 2 Arm, Xen | 3 Cortex-a77, Cortex-a77 Firmware, Xen | 2023-12-13 | N/A | 5.5 MEDIUM |
| Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. | |||||
| CVE-2023-44297 | 1 Dell | 26 Poweredge C6620, Poweredge C6620 Firmware, Poweredge Hs5610 and 23 more | 2023-12-12 | N/A | 6.8 MEDIUM |
| Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. | |||||
| CVE-2023-44298 | 1 Dell | 26 Poweredge C6620, Poweredge C6620 Firmware, Poweredge Hs5610 and 23 more | 2023-12-12 | N/A | 6.8 MEDIUM |
| Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service. | |||||
| CVE-2023-2269 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2023-08-19 | N/A | 4.4 MEDIUM |
| A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | |||||
| CVE-2023-21400 | 1 Google | 1 Android | 2023-08-19 | N/A | 6.7 MEDIUM |
| In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-31624 | 1 Mariadb | 1 Mariadb | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2022-26356 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2023-08-08 | 4.0 MEDIUM | 5.6 MEDIUM |
| Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak. | |||||
| CVE-2022-31622 | 1 Mariadb | 1 Mariadb | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2022-20376 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.7 MEDIUM |
| In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216130110References: N/A | |||||
| CVE-2021-0147 | 1 Intel | 1 Power Management Controller | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-20153 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 6.7 MEDIUM |
| In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel | |||||
| CVE-2022-26473 | 2 Google, Mediatek | 11 Android, Mt6789, Mt6855 and 8 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. | |||||
| CVE-2022-20371 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.4 MEDIUM |
| In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195565510References: Upstream kernel | |||||
| CVE-2022-26452 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. | |||||
| CVE-2022-38791 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2023-08-08 | N/A | 5.5 MEDIUM |
| In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | |||||
| CVE-2021-39649 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049006References: N/A | |||||
| CVE-2022-26451 | 2 Google, Mediatek | 8 Android, Mt6789, Mt6855 and 5 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In ged, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202966; Issue ID: ALPS07202966. | |||||
| CVE-2021-43395 | 5 Illumos, Joyent, Omniosce and 2 more | 5 Illumos, Smartos, Omnios and 2 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected. | |||||
| CVE-2023-3750 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2023-08-02 | N/A | 5.3 MEDIUM |
| A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon. | |||||
| CVE-2023-2430 | 1 Linux | 1 Linux Kernel | 2023-08-01 | N/A | 5.5 MEDIUM |
| A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. | |||||
| CVE-2023-0160 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2023-07-27 | N/A | 5.5 MEDIUM |
| A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. | |||||
| CVE-2022-24329 | 2 Jetbrains, Oracle | 2 Kotlin, Communications Pricing Design Center | 2022-07-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | |||||
| CVE-2022-0897 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2022-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | |||||
| CVE-2022-21775 | 2 Google, Mediatek | 46 Android, Mt2601, Mt6761 and 43 more | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032. | |||||
| CVE-2021-31786 | 1 Actions-semi | 10 Ats2815, Ats2815 Firmware, Ats2819 and 7 more | 2022-07-12 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host. | |||||
| CVE-2022-31621 | 1 Mariadb | 1 Mariadb | 2022-07-07 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2022-31623 | 1 Mariadb | 1 Mariadb | 2022-07-07 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2021-4149 | 1 Linux | 1 Linux Kernel | 2022-07-01 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. | |||||
| CVE-2021-3667 | 2 Netapp, Redhat | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt | 2022-06-04 | 3.5 LOW | 6.5 MEDIUM |
| An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-4147 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2022-05-13 | 4.9 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | |||||
| CVE-2021-28951 | 3 Fedoraproject, Linux, Netapp | 11 Fedora, Linux Kernel, A250 and 8 more | 2022-05-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. | |||||
| CVE-2021-38203 | 2 Linux, Netapp | 7 Linux Kernel, Element Software, Hci Bootstrap Os and 4 more | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info. | |||||
| CVE-2021-1123 | 1 Nvidia | 1 Virtual Gpu | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service. | |||||
| CVE-2021-31611 | 1 Zh-jieli | 10 Ac6901, Ac6901 Firmware, Ac6921 and 7 more | 2022-05-03 | 3.3 LOW | 5.7 MEDIUM |
| The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication. | |||||
| CVE-2021-31785 | 1 Actions-semi | 10 Ats2815, Ats2815 Firmware, Ats2819 and 7 more | 2022-05-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication. | |||||
| CVE-2020-12771 | 6 Canonical, Debian, Linux and 3 more | 37 Ubuntu Linux, Debian Linux, Linux Kernel and 34 more | 2022-04-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. | |||||
| CVE-2021-20315 | 2 Centos, Gnome | 2 Stream, Gnome-shell | 2022-02-28 | 3.6 LOW | 6.1 MEDIUM |
| A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. | |||||
| CVE-2022-20016 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2022-01-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986. | |||||
| CVE-2021-39656 | 1 Google | 1 Android | 2021-12-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel | |||||
| CVE-2021-39647 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198713939References: N/A | |||||
| CVE-2020-29660 | 5 Broadcom, Debian, Fedoraproject and 2 more | 17 Fabric Operating System, Debian Linux, Fedora and 14 more | 2021-11-30 | 2.1 LOW | 4.4 MEDIUM |
| A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. | |||||
| CVE-2021-41213 | 1 Google | 1 Tensorflow | 2021-11-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2019-1732 | 1 Cisco | 18 Nexus 3000, Nexus 3100, Nexus 3100-z and 15 more | 2021-11-03 | 6.9 MEDIUM | 6.4 MEDIUM |
| A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device. | |||||
| CVE-2021-0625 | 1 Google | 1 Android | 2021-10-26 | 7.2 HIGH | 6.7 MEDIUM |
| In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996. | |||||
| CVE-2018-0381 | 1 Cisco | 1 Aironet Access Points | 2021-09-13 | 5.5 MEDIUM | 6.8 MEDIUM |
| A vulnerability in the Cisco Aironet Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a deadlock condition that may occur when an affected AP attempts to dequeue aggregated traffic that is destined to an attacker-controlled wireless client. An attacker who can successfully transition between multiple Service Set Identifiers (SSIDs) hosted on the same AP while replicating the required traffic patterns could trigger the deadlock condition. A watchdog timer that detects the condition will trigger a reload of the device, resulting in a DoS condition while the device restarts. | |||||
| CVE-2020-27035 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213 | |||||
| CVE-2021-20291 | 3 Fedoraproject, Redhat, Storage Project | 4 Fedora, Enterprise Linux, Openshift Container Platform and 1 more | 2021-06-02 | 7.1 HIGH | 6.5 MEDIUM |
| A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). | |||||
| CVE-2021-31427 | 1 Parallels | 1 Parallels Desktop | 2021-05-05 | 1.9 LOW | 5.6 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082. | |||||
| CVE-2019-3901 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, Active Iq Unified Manager For Vmware Vsphere and 8 more | 2020-12-04 | 1.9 LOW | 4.7 MEDIUM |
| A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. | |||||