ALSA-2024:3846 Moderate: python-idna security update

The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture HSA Linux kernel driver amdkfd. Security Fixes: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651...

The vulnerability of the qla2x00_els_dcmd_sp_free() function in the drivers/scsi/qla2xxx/qla_iocb.c module of the QLogic QLA2XXX Linux operating system kernel allows a attacker to cause a service failure or exert other effects.

The vulnerability of the qla2x00elsdcmdspfree function in the drivers/scsi/qla2xxx/qlaiocb.c module of the QLogic QLA2XXX Linux kernel driver is related to the re-release of previously released memory. Exploiting this vulnerability could allow an attacker to cause a service failure or have other...

The vulnerability of the dm_sw_fini() function in the drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c file of the amdgpu kernel driver for the Linux operating system, which allows a hacker to disclose protected information.

The vulnerability of the dmswfini function in the drivers/gpu/drm/amd/display/amdgpudm/amdgpudm.c file of the amdgpu kernel in the Linux operating system is related to a memory leak. Exploiting this vulnerability could allow an attacker to disclose sensitive information that is protected by...

The vulnerability of the qla2x00_mem_alloc() function in the drivers/scsi/qla2xxx/qla_os.c module of the QLogic QLA2XXX kernel driver for the Linux operating system allows a hacker to cause service failure or exert other adverse effects.

The vulnerability of the qla2x00memalloc function in the drivers/scsi/qla2xxx/qlaos.c file of the QLogic QLA2XXX kernel in the Linux operating system is related to the reallocation of previously released memory. Exploiting this vulnerability could allow an attacker to cause a service failure or...

CVE-2024-23851

copyparams in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INTMAX bytes, and crash, because of a missing paramkernel-datasize check. This is related to ctlioctl...

SUSE SLES12 Security Update : containerd, docker, runc (SUSE-SU-2023:4625-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4625-1 advisory. - A potential vulnerability in the AMD extension to Linux hwmon service may allow an attacker to use the Linux-based Running Averag...

The vulnerability of the saa7134_finidev() function in the drivers/media/pci/saa7134/saa7134-core.c file of the Philips SAA7134 driver for the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the saa7134finidev function in the driver drivers/media/pci/saa7134/saa7134-core.c file of the Philips SAA7134 kernel for the Linux operating system is related to the reutilization of a resource that was previously freed due to competitive access to the resource i.e., in a...

SUSE CVE-2023-1855

A use-after-free flaw was found in xgenehwmonremove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver xgene-hwmon. This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem...

CVE-2023-1855

CVE-2023-1855 describes a use-after-free in xgene_hwmon_remove (drivers/hwmon/xgene-hwmon.c) of the Linux kernel hardware monitoring driver. The Astra Linux security bulletin mirrors this flaw and notes it could allow a local attacker to crash the system or leak kernel memory due to a race condit...

kernel: memory corruption in AX88179_178A based USB ethernet device.

A flaw was found in the Linux kernel’s driver for the ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes...

SUSE CVE-2020-8694

Insufficient access control in the Linux kernel driver for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

SUSE CVE-2021-33135

Uncontrolled resource consumption in the Linux kernel drivers for IntelR SGX may allow an authenticated user to potentially enable denial of service via local access...

The vulnerability of the vgacon_scrollback_cur() function in the Linux kernel driver, which allows a hacker to cause a service failure.

The vulnerability of the vgaconscrollbackcur function in the Linux kernel driver is related to the writing of allocated memory outside the system’s boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...

kernel: memory corruption in AX88179_178A based USB ethernet device.

A flaw was found in the Linux kernel’s driver for the ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes...

kernel: memory corruption in AX88179_178A based USB ethernet device.

A flaw was found in the Linux kernel’s driver for the ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes...

The vulnerability of the WILC1000 wireless network driver for Linux operating systems allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the wireless network driver WILC1000 drivers/net/wireless/microchip/wilc1000/cfg80211.c in the Linux kernel is related to the lack of checking for the IEEE80211P2PATTROPERCHANNEL length. Exploiting this vulnerability can allow a attacker to execute arbitrary code or cause...

The vulnerability of the FUJITSU Extended Socket Network driver in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the FUJITSU Extended Socket Network kernel driver in the Linux operating system is related to the swapping of the zero pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2022-3577

An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigbenprobe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben...

CVE-2022-21814

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service...

kernel: nvmet-rdma: Fix NULL deref when SEND is completed with error

A flaw was found in an error-handling function in the Linux kernel's NVMe driver. This flaw allows an attacker with control over NVMe links to cause a denial of service...