137 matches found
Ubuntu: Security Advisory (USN-6973-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu: Security Advisory (USN-6951-4)
The remote host is missing an update for the...
USN-6951-4: Linux kernel (BlueField) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - M68K architecture; - User-Mode Linux (UML); - x86 architecture; - Accessibility subsystem; -...
kernel: mlxbf_gige: call request_irq() after NAPI initialized
CVE-2024-35907 is a vulnerability in the Linux kernel's mlxbf_gige driver, which supports Mellanox BlueField devices. The issue occurs during kdump operations when a receive (RX) interrupt is triggered before the driver fully initializes. This leads to a race condition that can result in a NULL...
USN-6924-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM SCMI message protocol; - InfiniBand drivers; - TTY drivers; - TLS protocol; CVE-2024-26584, CVE-2024-36016,...
USN-6896-1: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac...
Ubuntu: Security Advisory (USN-6867-1)
The remote host is missing an update for the...
Oracle Linux 9 : kernel (ELSA-2024-3306)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3306 advisory. - netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-32971 RHEL-30082] {CVE-2024-26642} - netfilter: nf_tables: mark set as dea...
USN-6767-2: Linux kernel (BlueField) vulnerabilities
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An attacker...
Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6767-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-2 advisory. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use...
Unbreakable Enterprise kernel security update
[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug...
Ubuntu: Security Advisory (USN-6648-1)
The remote host is missing an update for the...
bluefield.areaconnect.com Cross Site Scripting vulnerability OBB-3853444
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-31037
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS...
Code injection
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS...
CVE-2023-31037
The CVE-2023-31037 issue affects NVIDIA BlueField 2 and BlueField 3 DPU BMC with a vulnerability in ipmitool that allows a root user to trigger code injection via a network call, potentially leading to OS code execution. Public details confirm the affected products are BlueField DPU BMCs and iden...