Vulnerabilities > Netapp > H300S Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2021-4090 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel.
local
low complexity
linux netapp CWE-787
7.1
2022-02-18 CVE-2022-0646 Use After Free vulnerability in multiple products
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device.
local
low complexity
linux netapp CWE-416
7.8
2022-02-16 CVE-2022-25265 Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20).
local
low complexity
linux netapp CWE-913
7.8
2022-02-16 CVE-2022-25258 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10.
4.6
2022-02-16 CVE-2021-3752 Race Condition vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition.
7.1
2022-02-16 CVE-2021-3753 A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE).
local
high complexity
linux redhat netapp
4.7
2022-02-16 CVE-2021-3760 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux fedoraproject debian netapp CWE-416
7.8
2022-02-11 CVE-2022-0185 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length.
local
low complexity
linux netapp CWE-191
8.4
2022-02-11 CVE-2022-24958 Release of Invalid Pointer or Reference vulnerability in multiple products
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
local
low complexity
linux fedoraproject netapp debian CWE-763
7.8
2022-01-29 CVE-2022-24122 Use After Free vulnerability in multiple products
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
local
low complexity
linux netapp fedoraproject CWE-416
7.8