Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6653-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6653-2 advisory. It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6648-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6648-1 advisory. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free...

RHEL 8 : kpatch-patch (RHSA-2024:0876)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0876 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

RHEL 8 : kpatch-patch (RHSA-2024:0851)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0851 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1149)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : libwebp (EulerOS-SA-2024-1149)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds...

kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges

A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system...

PT-2024-8424 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a race condition error in the HDMA controller register. The Linked list element and pointer are not stored in the same memory as the HDMA controller register. I...

RHEL 9 : kernel (RHSA-2024:0723)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0723 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ktls overwrites readonly memor...

Low: jasper

Issue Overview: An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Affected Packages: jasper Issue Correction: Run dnf update jasper --releasever 2023.3.20240205 or dnf update --advisory ALAS2023-2024-511...

Low: jasper

Issue Overview: An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Affected Packages: jasper Issue Correction: Run dnf update jasper --releasever 2023.3.20240205 to update your system. New Packages: aarch64:...

Amazon Linux 2023 : jasper, jasper-devel, jasper-libs (ALAS2023-2024-511)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-511 advisory. An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Tenable has extracted the preceding description block directl...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Fedora 39 : mingw-jasper (2024-f53b383648)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f53b383648 advisory. Backport fix for CVE-2023-51257. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-488)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-488 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: disable sending iouring over sockets CVE-2023-52654 In the Linux kernel, the following vulnerability has been...

AZL-34873 CVE-2024-0646 affecting package kernel for versions less than 6.6.35.1-4

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

DEBIAN-CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...