Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6454-3)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6454-3 advisory. Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6461-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6461-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged...

SUSE-SU-2023:4279-1 Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024145 fixes several issues. The following security issues were fixed: - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation bsc1215440. - CVE-2023-3390: Fixed an...

USN-6441-3: Linux kernel vulnerabilities

Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service host system crash or...

SUSE-SU-2023:4245-1 Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024157 fixes several issues. The following security issues were fixed: - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation bsc1215440. - CVE-2023-3390: Fixed an...

SUSE-SU-2023:4239-1 Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059127 fixes several issues. The following security issues were fixed: - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation bsc1215440. - CVE-2023-4147: Fixed...

SUSE SLES15 Security Update : kernel (Live Patch 34 for SLE 15 SP3) (SUSE-SU-2023:4239-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4239-1 advisory. - A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nftablesapi.c. Mishandled error handling...

SUSE-SU-2023:4219-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059124 fixes several issues. The following security issues were fixed: - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation bsc1215440. - CVE-2023-4147: Fixed...

Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6454-1)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6454-1 advisory. Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker...

CVE-2023-5753

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hcicore.c...

SUSE-SU-2023:4201-1 Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-150400155 fixes several issues. The following security issues were fixed: - CVE-2023-4147: Fixed use-after-free in nftablesnewrule bsc1215118. - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve...

Ubuntu: Security Advisory (USN-6444-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Zephyr Security Breach

Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr 3.4.0 and earlier versions, which stems from a possible buffer overflow in the Bluetooth subsystem due to disabled assertions in /subsys/bluetooth/host/hcicore.c...

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2023:4166-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4166-1 advisory. - A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nftablesapi.c. Mishandled error handling...

CVE-2023-5753

CVE-2023-5753 concerns the Zephyr RTOS Bluetooth subsystem. The provided documents consistently identify a potential buffer overflow caused by asserts being disabled in the file subsys/bluetooth/host/hci_core.c. The vulnerability is described across multiple sources (NVD, Red Hat, CVE lists, Vera...

CVE-2023-5753 Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hcicore.c...

USN-6446-2: Linux kernel vulnerabilities

Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service host system crash or...

USN-6445-2: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service excessive CPU consumption. CVE-2023-1206 Daniel Trujillo, Johannes Wikner, and Kaveh Razavi...

Important: Red Hat Security Advisory: Logging Subsystem 5.5.17 - Red Hat OpenShift security update

Logging Subsystem 5.5.17 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Ubuntu: Security Advisory (USN-6441-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...