341 matches found
CVE-2022-49771
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading. __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fill the space using the...
CVE-2022-49771
CVE-2022-49771 affects the Linux kernel’s dm-thin/ioctl path. The vulnerability arises when __list_versions uses dm_target_iterate twice under race conditions between the first size estimation and the second information retrieval, allowing module loading to occur between the two calls. The second...
CVE-2022-49771 dm ioctl: fix misbehavior if list_versions races with module loading
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading. __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fill the space using the...
AZL-58360 CVE-2025-1550 affecting package keras for versions less than 3.3.3-2
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
DEBIAN-CVE-2022-49444
In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access. It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
DEBIAN-CVE-2022-49379
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction. Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfac...
UBUNTU-CVE-2022-49444
In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access. It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
DEBIAN-CVE-2022-49236
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btf_try_get_module and load_module. While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already ...
CVE-2022-49444
CVE-2022-49444: Linux kernel vulnerability in module loading ([e_shstrndx].sh_size) leading to an out-of-bounds access; described as exploitable by crafting a module. The issue is resolved by a patch that was rebased onto modules-next. Affected systems require updating to a kernel version containi...
CVE-2022-49236
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btf_try_get_module and load_module. While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already ...
CVE-2022-49236
CVE-2022-49236 concerns a Linux kernel use-after-free in BPF/BTF handling: a race between module init and module reuse could allow BTF IDs to be published before a module is fully live. The fix, as described in the related documentation, is to set a BTF_MODULE_F_LIVE flag at MODULE_STATE_LIVE so ...
CVE-2022-49236 bpf: Fix UAF due to race between btf_try_get_module and load_module
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btf_try_get_module and load_module. While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already ...
Security update for podman
This update for podman fixes the following issues: CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698). Load iptables and ip6tables kernel module (bsc#1214612). Required for rootless mode as a...
OESA-2024-2142 wpa_supplicant security update
wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key...
SUSE CVE-2024-5290
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of...
UBUNTU-CVE-2024-5290
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of...
RHEL 4 : systemtap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - systemtap: signed module loading race condition (CVE-2011-2503). Note that Nessus has not tested for this issue but ha...
RHEL 5 : busybox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - busybox: heap-based buffer overflow in OPTION_6RD parsing (CVE-2016-2148) - Directory traversal vulnerabilit...
RHEL 4 : busybox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - busybox: Path traversal via crafted tar file containing symlink (CVE-2011-5325) - The add_probe function in...
PT-2024-5576 · Unknown +4 · Wpa Supplicant +4
Name of the Vulnerable Software and Affected Versions: wpa supplicant (affected versions not specified). Description: The issue is related to an uncontrolled search path element in wpa supplicant, allowing a local unprivileged attacker to escalate privileges to the user that wpa supplicant runs as,...