Ubuntu: Security Advisory (USN-6497-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the XFRM subsystem in the Linux operating system, which allows a hacker to trigger a service failure

The vulnerability of the XFRM subsystem in the Linux operating system is related to the exploitation of a null pointer dereferencing issue. Exploiting this vulnerability can allow an attacker to cause a service failure...

USN-6497-1: Linux kernel (OEM) vulnerabilities

Maxim Levitsky discovered that the KVM nested virtualization SVM implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service host kernel crash. CVE-2023-5090 Alon Zahavi discovered that the...

USN-6494-1: Linux kernel vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Lucas Leong discovered that the netfilter subsystem in the...

USN-6494-1 linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Lucas Leong discovered that the netfilter subsystem in the...

kernel: use-after-free due to race condition occurring in dvb_net.c

A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the dvbnet component of the DVB core device driver. It could occur between the time the device is disconnected .disconnect function and the time the device node is opened dvbdeviceopen functio...

kernel: use-after-free due to race condition occurring in dvb_register_device()

A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvbregisterdevice function due to the fileoperations structure fops being dynamically allocated and later kfreed. A local user could use this...

kernel: use after free in nvmet_tcp_free_crypto in NVMe

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead t...

RHEL 9 : kernel-rt (RHSA-2023:7389)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7389 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

RHEL 9 : kernel (RHSA-2023:7382)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7382 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: clsfw component can...

RHEL 9 : kpatch-patch (RHSA-2023:7411)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7411 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6497-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6497-1 advisory. Maxim Levitsky discovered that the KVM nested virtualization SVM implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSR...

Ubuntu 16.04 ESM / 18.04 ESM : Linux kernel vulnerabilities (USN-6494-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6494-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A loca...

CVE-2023-6121 Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer...

CVE-2023-6121

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer...

Ubuntu: Security Advisory (USN-6479-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-36428

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability...

Information disclosure

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability...

CVE-2023-36428

Technical details about CVE-2023-36428 are not provided in the supplied documents. No concrete affected products, versions, or remediation are present here. Monitor for updates from Microsoft and NVD for further information.

kernel: udmabuf: Set ubuf->sg = NULL if the creation of sg table fails

A flaw was found in the Linux kernel’s udmabuf subsystem where the scatter-gather sg pointer was not properly set to NULL if creation of the sg table failed. If userspace attempts to map a dmabuf and the sg table allocation fails e.g., due to memory exhaustion, the kernel later attempts to free a...