Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5616-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5616-1 advisory. Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A...

Ubuntu 22.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5602-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5602-1 advisory. Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A...

OESA-2022-1881 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A race condition in perfeventopen which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution,...

OESA-2022-1880 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A race condition in perfeventopen which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution,...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5594-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5594-1 advisory. Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow...

Linux Kernel LoadPin bypass via dm-verity table reload

...

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

AZL-10559 CVE-2022-2503 affecting package kernel for versions less than 5.15.67.1-4

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

UBUNTU-CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

Design/Logic Flaw

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503 Linux Kernel LoadPin bypass via dm-verity table reload

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503

CVE-2022-2503 affects Linux kernels using Dm-verity/LoadPin. A device-mapper table reload can swap the target to an equivalent dm-linear target, bypassing verification until reboot and allowing root to load untrusted/unsigned kernel modules and firmware. This can enable arbitrary kernel execution...

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

Google Dm-verity 授权问题漏洞

Google Dm-verity is a root filesystem used to extend the root of trust to multiple distributions by Google, USA. A security vulnerability exists in Google Dm-verity. An attacker could use this vulnerability to bypass LoadPin and load untrusted and unverified kernel modules and firmware...

CVE-2022-2503 Linux Kernel LoadPin bypass via dm-verity table reload

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

kconfig-hardened-check-master

This is a tool for checking Linux kernel Kconfig option lists against security hardening preferences. The tool is called "kconfig-hardened-check" and is written in Python. It is designed to help users ensure that their Linux systems are properly secured by checking the kernel configuration agains...