192 matches found
The vulnerability of the rds_recv_track_latency() function in the net/rds/af_rds.c module of the Linux operating system’s RDS (Reliable Datagram Sockets) kernel implementation allows a attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the rdsrecvtracklatency function in the net/rds/afrds.c module of the Linux operating system’s RDS Reliable Datagram Sockets implementation is related to reading memory beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to...
SUSE CVE-2021-47249
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rdsrecvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rdsrecvmsgstruct socket sock, struct msghdr msg, sizet size, int msgflags ... if...
AIX (IJ50934)
The version of AIX installed on the remote host is prior to APAR IJ50934. It is, therefore, affected by a vulnerability as referenced in the IJ50934 advisory. - IBM AIX's Unix domain AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 datagram socket implementation could potentially expose applications using Un...
CVE-2024-27273
IBM AIX's Unix domain AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903...
CVE-2024-27273 IBM AIX privilege escalation
IBM AIX's Unix domain AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903...
SUSE CVE-2024-26865
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker warning 1. syzkaller could not find a repro, but in the log, the only...
DEBIAN-CVE-2024-26865
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker warning 1. syzkaller could not find a repro, but in the log, the only...
UBUNTU-CVE-2024-26865
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker warning 1. syzkaller could not find a repro, but in the log, the only...
SUSE CVE-2023-52573
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fix possible NULL-pointer dereference In rdsrdmacmeventhandlercmn check, if conn pointer exists before dereferencing it as rdmasetservicetype argument Found by Linux Verification Center linuxtesting.org with SVACE...
AZL-33962 CVE-2024-23849 affecting package kernel for versions less than 5.15.153.1-1
In rdsrecvtracklatency in net/rds/afrds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDSMSGRXDGRAMTRACEMAX comparison, resulting in out-of-bounds access...
PT-2024-3791 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a function in the Linux kernel's implementation of the Reliable Datagram Sockets RDS protocol. It involves reading memory beyond the allocated buffer, potential...
USN-6134-1: Linux kernel (Intel IoTG) vulnerabilities
It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...
USN-6132-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrar...
USN-6118-1 linux-oracle, linux-oracle-5.4 vulnerabilities
Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...
USN-6118-1: Linux kernel (Oracle) vulnerabilities
Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...
USN-6109-1 linux-raspi, linux-raspi-5.4 vulnerabilities
Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...
USN-6109-1: Linux kernel (Raspberry Pi) vulnerabilities
Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...
USN-6096-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Ziming Zhang discovered that the VMware Virtual GPU DR...
Ubuntu: Security Advisory (USN-6090-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6091-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Ziming Zhang discovered that the VMware Virtual GPU DR...