10812 matches found
USN-6646-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
A flaw was found in l2capsockrelease in net/bluetooth/l2capsock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled...
kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()
A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem...
kernel: HID: check empty report_list in hid_validate_values()
A memory corruption flaw was found in the Linux kernel’s human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...
kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
A flaw was found in l2capsockrelease in net/bluetooth/l2capsock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled...
kernel: inactive elements in nft_pipapo_walk
A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nftpipapowalk function. This issue may allow a local user with CAPNETADMIN capability to trigger an application crash, information disclosure, or local privilege escalation...
kernel: HID: check empty report_list in hid_validate_values()
A memory corruption flaw was found in the Linux kernel’s human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...
kernel: use-after-free in sch_qfq network scheduler
A use-after-free flaw was found in qfqdequeue and aggdequeue in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system...
RHEL 8 : kernel-rt (RHSA-2024:0881)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0881 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
This Week in Spring - February 20th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 20th of February, 2024? I'm doing alright on this rainy 20th of Feburary here in San Francisco, and I hope you are too! We've got a ton of things to get into this week so let's dive right into it! Have y...
PT-2024-7728 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel version 6.6.0 Description: The vulnerability is related to a NULL pointer dereference in the Linux kernel's perf subsystem. It occurs when the ctr get width function is not defined for the legacy case, but is used in arch perf...
CLSA-2024-1708171036 Fix of 10 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-23849 - net/rds: Fix UBSAN: array-index-out-of-bounds in rdscmsgrecv CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables...
CLSA-2024-1708094944 Fix of 8 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables: reject QUEUE/DROP verdict parameters CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-fr...
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6626-3)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6626-3 advisory. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A...
USN-6626-3: Linux kernel (Azure) vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...
USN-6639-1 linux-oem-6.1 vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
USN-6639-1: Linux kernel (OEM) vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6628-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6628-2 advisory. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote...
USN-6626-2: Linux kernel vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...