CVE-2024-0193 Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFTCHAIN object or NFTOBJECT object, allowing a local...

NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2023-0061)

The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel's futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creati...

PT-2023-28454 · Zephyr · Zephyr

Name of the Vulnerable Software and Affected Versions: Zephyr affected versions not specified Description: The issue is related to a possible buffer overflow in the Zephyr mgmt subsystem when asserts are disabled. Recommendations: At the moment, there is no information about a newer version that...

CentOS 7 : kpatch-patch (RHSA-2023:1101)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1101 advisory. - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local...

The vulnerability of the `perf_event_validate_size()` function in the kernel/events/core.c module of the perf subsystem in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, thereby enhancing their privileges within the system.

The vulnerability of the perfeventvalidatesize function in the kernel/events/core.c module of the Linux operating system’s perf subsystem is related to writing beyond the boundaries of a allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-3501)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the io_uring subsystem in Linux kernel allows a hacker to increase their privileges.

The vulnerability of the iouring subsystem in Linux kernel relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVE-2023-6817

A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nftpipapowalk function. This issue may allow a local user with CAPNETADMIN capability to trigger an application crash, information disclosure, or local privilege escalation. Mitigation In order to trigger the...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-13048)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-13048 advisory. - nvmet-tcp: Fix a possible UAF in queue intialization setup Sagi Grimberg Orabug: 36028026 CVE-2023-5178 - Bluetooth: Reject connection with the device which...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-13043)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13043 advisory. - nvmet-tcp: Fix a possible UAF in queue intialization setup Sagi Grimberg Orabug: 36028025 CVE-2023-5178 - x86: KVM: SVM: always update the x2avi...

CVE-2023-49938

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-13044)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-13044 advisory. - nvmet-tcp: Fix a possible UAF in queue intialization setup Sagi Grimberg Orabug: 36028026 CVE-2023-5178 Tenable has extracted the preceding description...

Low: Red Hat Security Advisory: Logging Subsystem 5.8.1- Red Hat OpenShift security update

An update is now available for RHOL-5.8-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...

USN-6549-3: Linux kernel (Low Latency) vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...

USN-6534-3: Linux kernel vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6534-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6534-3 advisory. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading ...

Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6548-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6548-3 advisory. It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive...

Ubuntu: Security Advisory (USN-6548-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-6534-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-6549-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6549-3 advisory. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain...