2440 matches found
USN-3910-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflushmerge mount option correctly. An attacker could use this to cause a denial of service system crash. CVE-2017-18241 It was discovered that the procfs filesystem did not properly handle processes...
USN-3910-2 linux-lts-xenial, linux-aws vulnerabilities
USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not...
The vulnerability of the opensc authentication package for smart cards and system USB tokens in the Astra Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the opensc authentication package for smart cards and operating system USB tokens in Astra Linux is related to incorrect operation of the Rutek S drivers. Exploiting this vulnerability can allow a hacker to cause service failure...
New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers
Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct...
British Airways Entertainment System Buffer Overflow Vulnerability
The British Airways Entertainment System is an in-flight audio-visual entertainment system. A security vulnerability exists in the British Airways Entertainment System installed on Boeing 777-36NER and other aircraft, which arises from a program that does not prevent the USB charge/digit transfer...
Intel USB 3.0 eXtensible Host Controller Driver Local Code Injection Vulnerability
Intel USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 is a USB Universal Serial Bus 3.0 eXtensible Host Controller Driver for the Windows 7 platform from Intel Corporation. Host Controller Driver for Microsoft Windows 7. A code injection vulnerability exists in the installer in...
UBUNTU-CVE-2018-20340
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is...
AZL-34325 CVE-2018-20169 affecting package kernel for versions less than 5.15.148.2-2
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c...
PT-2018-2862 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.19.9 Description: An issue in the Linux kernel's USB subsystem mishandles size checks during the reading of an extra descriptor, related to the usb get extra descriptor function in drivers/usb/core/usb.c. This...
USN-3822-1 linux vulnerabilities
Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the BP and OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service guest OS crash. CVE-2016-9588 It was discovered that the generic SCSI driver in the Linux kernel did...
Huawei cell phone information leakage vulnerability
Anne-AL00 is a smartphone from Huawei. An information disclosure vulnerability exists in the Huawei Anne-AL00 phone. An attacker connecting the phone via USB can exploit this vulnerability to obtain device-specific information about the phone due to improper privilege settings for specific comman...
September 13, 2016 — KB3189866 (OS Builds 14393.187 and 14393.189)
September 13, 2016 — KB3189866 OS Builds 14393.187 and 14393.189 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Windows Shell, map apps, Internet Explorer 11, and...
Linux kernel elevation of privilege vulnerability (CNVD-2018-19417)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An elevation of privilege vulnerability exists in the yurexread file in drivers/usb/misc/yurex.c in versions of the Linux kernel prior to 4.17.7, which can be exploite...
UBUNTU-CVE-2018-16276
An issue was discovered in yurexread in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges...
Yubico-Piv Buffer Overflow Vulnerability (CNVD-2018-16943)
Yubico-Piv is a tool for interacting with YubiKey's Identity Card PIV application. A buffer overflow vulnerability exists in the 'ykpivfetchobject' function in the lib/ykpiv.c file in Yubico-Piv version 1.5.0. The vulnerability can be exploited to execute malicious code via a specially crafted US...
DEBIAN-CVE-2018-5814
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets...
USN-3631-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2017-13305 It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly...
UBUNTU-CVE-2017-16914
The "stubsendretsubmit" function drivers/usb/usbip/stubtx.c in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service NULL pointer dereference via a specially crafted USB over IP packet...
The vulnerability of the dvb_frontend_free function (drivers/media/dvb-core/dvb_frontend.c) in the Linux kernel allows a hacker to cause a service failure or exert other effects.
The vulnerability of the dvbfrontendfree function located in the drivers/media/dvb-core/dvbfrontend.c file in the Linux kernel is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker, operating locally, to cause service failures or other effects...
The vulnerability of the parse_hid_report_descriptor function (drivers/input/tablet/gtco.c) in the Linux operating system allows a hacker to trigger a service failure or exert other effects.
The vulnerability of the parsehidreportdescriptor function in the Linux kernel’s drivers/input/tablet/gtco.c file arises from a read operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause service failures or other effects such as...