A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HLinux Kernel
OSLinux3.2.85 – 3.3 (bez)3.16.40 – 3.17 (bez)3.18.54 – 3.19 (bez)4.0.0 – 4.9.316 (bez)4.10 – 4.14.281 (bez)4.15 – 4.19.245 (bez)4.20 – 5.4.196 (bez)5.5.0 – 5.10.118 (bez)5.11 – 5.15.42 (bez)5.16 – 5.17.10 (bez)Netapp Hci Baseboard Management Controller
APPNetapph300sh410sh500sh700s
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Race Condition
Referencje
Powiązane podatności
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...
CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...
CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...