Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39712 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A | |||||
CVE-2022-26828 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||
CVE-2022-23042 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 | |||||
CVE-2021-3922 | 1 Lenovo | 1 System Interface Foundation | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe. | |||||
CVE-2022-23037 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 | |||||
CVE-2022-26807 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Windows Work Folder Service Elevation of Privilege Vulnerability | |||||
CVE-2022-26817 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-02-28 | 8.5 HIGH | 6.6 MEDIUM |
Windows DNS Server Remote Code Execution Vulnerability | |||||
CVE-2022-26808 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Windows File Explorer Elevation of Privilege Vulnerability | |||||
CVE-2022-20007 | 1 Google | 1 Android | 2024-02-28 | 6.2 MEDIUM | 7.0 HIGH |
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342 | |||||
CVE-2022-26827 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Windows File Server Resource Management Service Elevation of Privilege Vulnerability | |||||
CVE-2021-20321 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. | |||||
CVE-2022-31758 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-1048 | 4 Debian, Linux, Netapp and 1 more | 19 Debian Linux, Linux Kernel, H300e and 16 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2022-26690 | 1 Apple | 1 Macos | 2024-02-28 | 2.6 LOW | 4.7 MEDIUM |
Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. | |||||
CVE-2022-20097 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944. | |||||
CVE-2021-33075 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2022-20078 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2024-02-28 | 6.9 MEDIUM | 6.4 MEDIUM |
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819. | |||||
CVE-2022-26357 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-28 | 6.2 MEDIUM | 7.0 HIGH |
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed. | |||||
CVE-2022-30128 | 1 Microsoft | 1 Edge Chromium | 2024-02-28 | 5.1 MEDIUM | 8.3 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2022-29113 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |