DEBIAN-CVE-2022-49591

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: kszcommon: Fix refcount leak bug In kszswitchregister, we should call ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...

kernel: net: fix out-of-bounds access in ops_init

An out-of-bounds memory access flaw was found in the Linux kernel’s networking subsystem in how a local user triggers a complex race condition. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

A vulnerability was found in the Linux kernel's networking subsystem in the actapi implementation within the tcfidrcheckalloc function, which lead to a possible infinite loop when multiple actions with the same index are added, causing the second request to block indefinitely while holding the...

kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

A vulnerability was found in the Linux kernel's networking subsystem in the actapi implementation within the tcfidrcheckalloc function, which lead to a possible infinite loop when multiple actions with the same index are added, causing the second request to block indefinitely while holding the...

kernel: net: fix out-of-bounds access in ops_init

An out-of-bounds memory access flaw was found in the Linux kernel’s networking subsystem in how a local user triggers a complex race condition. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

A vulnerability was found in the Linux kernel's networking subsystem in the actapi implementation within the tcfidrcheckalloc function, which lead to a possible infinite loop when multiple actions with the same index are added, causing the second request to block indefinitely while holding the...

kernel: net/mlx5e: fix memory leak in mlx5e_ptp_open

A flaw was found in the Linux kernel net/mlx5e Ethernet driver’s mlx5eptpopen function. When memory allocation via kvzallocnode or kvzalloc fails, previously allocated resources c or cparams were not properly freed, leading to a memory leak in the error path. An unprivileged local user interactin...

USN-6777-2 linux-azure vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 Several...

LSN-0102-1: Kernel Live Patch Security Notice

It was discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code.CVE-2023-1872 Lonial Con discovered that the...

openSUSE: Security Advisory for the Linux Kernel (Live Patch 2 for SLE 15 SP5) (SUSE-SU-2023:3658-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3318-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3302-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6651-2: Linux kernel vulnerabilities

It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...

USN-6652-1: Linux kernel (Azure) vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

CVE-2024-22410 Binary Planting Attack on Windows Platforms in Creditcoin

Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...

kernel: net/mlx5e: Fix deadlock in tc route query code

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock0 when peer flows are created while holding the devcom rw semaphore. Due to peer flows offload implementation the lock is taken much higher up the ca...

kernel: drm/virtio: Check whether transferred 2D BO is shmem

A flaw was found in the Linux kernel networking subsystem. Under certain conditions, a pointer may be dereferenced without proper validation, resulting in a NULL pointer dereference. An unprivileged local user could trigger this flaw by exercising the affected networking functionality, causing a...

SUSE SLES15 Security Update : kernel RT (Live Patch 5 for SLE 15 SP4) (SUSE-SU-2023:3668-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3668-1 advisory. - In the Linux kernel, picknextrtentity may return a type confused entry, not detected by the BUGON condition, as the confused entry will not b...

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2023:3671-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3671-1 advisory. - In the Linux kernel, picknextrtentity may return a type confused entry, not detected by the BUGON condition, as the confused entry will not b...

SUSE SLES15 Security Update : kernel RT (Live Patch 9 for SLE 15 SP4) (SUSE-SU-2023:3677-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3677-1 advisory. - A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of...