Debian DLA-2068-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2019-2215 The syzkaller tool discovered a use-after-free vulnerability in the Android binder driver. A local user on a system with this driver...

CVE-2019-19532

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c,...

USN-4186-1 linux, linux-aws, linux-kvm vulnerabilities

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions TSX could expose...

Linux Kernel Multiple Security Vulnerabilities

Description Linux Kernel is prone to the following security vulnerabilities: 1. A security-bypass vulnerability 2. A local privilege-escalation vulnerability An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or gain elevated privileges...

Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925

Summary Multiple vulnerabilities in the Linux Kernel such as denial of service, elevation of privileges, execution of arbitrary code on the system, and the ability to obtain sensitive information affect IBM Spectrum Protect Plus. UPDATED: 11 September 2019 to add CVE-2019-15925 Vulnerability...

Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-7221, CVE-2019-6974, CVE-2018-17972, CVE-2018-9568)

Summary IBM QRadar Network Security is affected by Linux kernel vulnerabilities Vulnerability Details CVEID: CVE-2019-7221 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the way KVM hypervisor emulates a preemption timer for L2 guests when nested =1...

Integer Overflows

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could u...

USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3932-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3932-1 advisory. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a...

USN-3901-2 linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities

USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3880-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3880-1 advisory. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a...

USN-3849-1: Linux kernel vulnerabilities

It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2017-2647 It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to ...

[SECURITY] [DLA 1531-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.110-3+deb9u5deb8u1 CVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3776-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3776-1 advisory. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local...

Debian DSA-4308-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2018-6554 A memory leak in the irdabind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a...

USN-3753-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. CVE-2017-13168 Wen Xu discovered that a use-after-free vulnerability...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3752-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3752-1 advisory. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3741-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3741-1 advisory. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core...

Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities

Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000004 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sound system. A remote attacker could exploit this vulnerability to caus...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3696-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3696-1 advisory. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of servic...