Ubuntu 24.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6878-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6878-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereferenc...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6866-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6866-2 advisory. It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An...

Ubuntu 20.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6871-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6871-1 advisory. It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An...

Ubuntu 24.04 LTS : Linux kernel vulnerability (USN-6863-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6863-1 advisory. A security issue was discovered in the Linux kernel. An attacker could possibly use it to compromise the system. This update corrects flaws in the following...

CBL Mariner 2.0 Security Update: kernel (CVE-2018-20169)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-20169 advisory. - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during t...

CVE-2024-20899

Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information...

CVE-2024-20897

Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information...

kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes

CVE-2024-35789 is a vulnerability in the Linux kernel’s Wi-Fi subsystem mac80211. It occurs when a station is moved out of a VLAN, and the VLAN is subsequently deleted. A reference to the deleted VLAN’s network device may remain, leading to a use-after-free condition. This can result in system...

kernel: wifi: nl80211: reject iftype change with mesh ID change

CVE-2024-27410 is a vulnerability in the Linux kernel’s Wi-Fi subsystem, affecting the nl80211 interface. The issue occurs when a mesh ID is set while simultaneously switching the interface to mesh mode, which can overwrite critical data in the wireless device's configuration. This can lead to...

kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in how it handles hardware failure when it occurs. This flaw allows a local user to potentially crash the system...

kernel: tls: race between tx work scheduling and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete, which could lead to undefined behavior and a denial of service...

PT-2024-18812 · Ims · Ims

Name of the Vulnerable Software and Affected Versions: IMS service versions prior to SMR Jul-2024 Release 1 Description: The issue concerns the use of implicit intent for sensitive communication in the RCS function of the IMS service, allowing local attackers to obtain sensitive information...

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Jul-2024 Release 1, which stems from an issue in the RCS method of the IMS service that uses implicit...

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Jul-2024 Release 1, which stems from an issue in the FCM method of the IMS service that uses implicit...

@fastly/js-compute has a use-after-free in some host call implementations

Impact The implementation of the following functions were determined to include a use-after-free bug: FetchEvent.client.tlsCipherOpensslName FetchEvent.client.tlsProtocol FetchEvent.client.tlsClientCertificate FetchEvent.client.tlsJA3MD5 FetchEvent.client.tlsClientHello...

USN-6819-4: Linux kernel (Oracle) vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

USN-6819-4 linux-oracle-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

kernel: race condition in snd_pcm_hw_free leading to use-after-free

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hwparams. The hwfree ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges ...

Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

SUSE CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with...