USN-6686-4 linux-kvm vulnerabilities

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-22995 It was discovered that a race...

Ubuntu 22.04 LTS : Linux kernel (KVM) vulnerabilities (USN-6686-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-4 advisory. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6705-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6705-1 advisory. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions duri...

USN-6681-4 linux-aws, linux-aws-5.4 vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...

kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c

A flaw was found in l2capsockrelease in net/bluetooth/l2capsock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled...

USN-6686-3 linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-22995 It was discovered that a race...

kernel: out-of-bounds write in qfq_change_class function

An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control QoS subsystem in how a user triggers the qfqchangeclass function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on t...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: inactive elements in nft_pipapo_walk

A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nftpipapowalk function. This issue may allow a local user with CAPNETADMIN capability to trigger an application crash, information disclosure, or local privilege escalation...

Ubuntu: Security Advisory (USN-6700-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6700-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that the Layer 2 Tunneling Protocol L2TP implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or...

CVE-2021-47128

In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a "security,lockdown,selinux: implement SELinux lockdown" added an implementation of the lockeddown LSM hook to SELinux, with the aim to restric...

UBUNTU-CVE-2021-47128

In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a "security,lockdown,selinux: implement SELinux lockdown" added an implementation of the lockeddown LSM hook to SELinux, with the aim to restric...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1360)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2024-1381)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Improper access control in the IntelR Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticate...

USN-6686-2: Linux kernel vulnerabilities

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-22995 It was discovered that a race...

USN-6681-3: Linux kernel vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...

kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c

A flaw was found in l2capsockrelease in net/bluetooth/l2capsock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-3)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-3 advisory. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...