NetApp H500s
By the Year
In 2023 there have been 4 vulnerabilities in NetApp H500s with an average score of 8.0 out of ten. Last year H500s had 2 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2023 as compared to last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.18.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 4 | 7.98 |
| 2022 | 2 | 7.80 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.70 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new H500s vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NetApp H500s Security Vulnerabilities
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server
CVE-2023-32258
8.1 - High
- July 24, 2023
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Improper Locking
An issue was discovered in the Linux kernel before 6.3.8
CVE-2023-38427
9.8 - Critical
- July 18, 2023
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.
Out-of-bounds Read
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel
CVE-2023-1989
7 - High
- April 11, 2023
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
Dangling pointer
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call
CVE-2023-28466
7 - High
- March 16, 2023
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
NULL Pointer Dereference
A vulnerability was found in the Linux kernels cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function
CVE-2022-0492
7.8 - High
- March 03, 2022
A vulnerability was found in the Linux kernels cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
AuthZ
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10
CVE-2022-25636
7.8 - High
- February 24, 2022
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
Improper Privilege Management
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes
CVE-2019-20636
6.7 - Medium
- April 08, 2020
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NetApp H615c or by NetApp? Click the Watch button to subscribe.
