CVE-2023-36391

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability...

CVE-2023-36391

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability...

CVE-2023-36391 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

...

CVE-2023-36391

CVE-2023-36391 is a Local Security Authority Subsystem Service (LSASS) elevation-of-privilege vulnerability in Windows. The ENISA/NC SC advisory cites LSASS as affected and lists the impact as Obtain increased privileges . The CVE is associated with a local-exploit path and is addressed by Micros...

USN-6534-2: Linux kernel vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...

SUSE CVE-2023-6679

A null pointer dereference vulnerability was found in dpllpinparentpinset in drivers/dpll/dpllnetlink.c in the Digital Phase Locked Loop DPLL subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-3304)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-3336)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-6679

A null pointer dereference vulnerability was found in dpllpinparentpinset in drivers/dpll/dpllnetlink.c in the Digital Phase Locked Loop DPLL subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service...

CVE-2023-6679

A null pointer dereference vulnerability was found in dpllpinparentpinset in drivers/dpll/dpllnetlink.c in the Digital Phase Locked Loop DPLL subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service...

CVE-2023-6679

A null pointer dereference vulnerability was found in dpllpinparentpinset in drivers/dpll/dpllnetlink.c in the Digital Phase Locked Loop DPLL subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. Mitigation Mitigation for this issue is either not available o...

PT-2023-32737 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null pointer dereference vulnerability was found in the dpll pin parent pin set function in the Digital Phase Locked Loop DPLL subsystem in the Linux kernel. This issue could be...

Ubuntu 18.04 ESM / 20.04 LTS : Linux kernel vulnerabilities (USN-6548-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6548-1 advisory. It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose...

OracleVM 3.4 : kernel-uek (OVMSA-2023-0025)

The remote OracleVM system is missing necessary patches to address security updates: - A flaw was found in the Netfilter subsystem in the Linux kernel. The xtu32 module did not validate the fields in the xtu32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds rea...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6549-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6549-1 advisory. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain...

CLSA-2023-1701963303 kernel: Fix of 18 CVEs

net/tls: do not free tlsrec on async operation in bpfexectxverdict CVE-2023-6176 - wifi: mac80211: fix MBSSID parsing use-after-free CVE-2022-42719 - mac80211: always allocate struct ieee80211elems CVE-2022-42719 - x86/sev: Check for user-space IOIO pointing to kernel space CVE-2023-46813 -...

USN-6540-1: BlueZ vulnerability

It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable...

USN-6536-1: Linux kernel vulnerabilities

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2023-39189 Kyle Zeng...

[SECURITY] Fedora 39 Update: keyring-ima-signer-0.1.0-11.fc39

The IMA Integrity Measurement Architecture is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware root of trusts TPM. This tool allows signing of files in userspace, inclusding options of including the...

Ubuntu 23.10 : Linux kernel (GCP) vulnerabilities (USN-6537-1)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6537-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged...