ROS-20230915-10
A vulnerability in the Linux kernel memory management system is related to the lack of randomization of the exception handling stacks. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information. Vulnerability of...
SUSE SLES15 Security Update : kernel (Live Patch 28 for SLE 15 SP3) (SUSE-SU-2023:3623-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3623-1 advisory. This update for the Linux Kernel 5.3.18-15030059109 fixes several issues. The following security issues were fixed: - CVE-2023-32233: Fixed a...
openSUSE 15: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2023:3600-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3600-1 advisory. The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
SUSE-SU-2023:3607-1 Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-1503005990 fixes several issues. The following security issues were fixed: - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handlin...
SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP3) (SUSE-SU-2023:3594-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3594-1 advisory. - In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not b...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.7.6 - Red Hat OpenShift security update
Logging Subsystem 5.7.6 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...
September 12, 2023—KB5030216 (OS Build 20348.1970)
September 12, 2023—KB5030216 (OS Build 20348.1970). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note: Follow @WindowsUpdate to find out...
CVE-2023-4881
Removed by vendor...
CVE-2023-4881
A stack-based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the nft_exthdr_eval family of functions writes 4 NULL bytes past the end of the regs argument, leading to stack corruption and potential...
Oracle Linux 7 : ELSA-2017-2930-1: / kernel (ELSA-2017-29301)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-29301 advisory. - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code with...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5753)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5753 advisory. - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351121] {CVE-2019-19533} - can: peak_usb: fix slab info leak (Johan...
OracleVM 3.4 : kernel-uek (OVMSA-2023-0020)
The remote OracleVM system is missing necessary patches to address security updates: - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) - A NULL pointer...
Oracle Linux 8 : kernel (ELSA-2019-3517)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3517 advisory. - [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746804] {CVE-2019-14821} - [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750882]...
USN-6347-1 linux-azure-fde-5.15 vulnerabilities
William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that the NTFS file system...
USN-6347-1: Linux kernel (Azure CVM) vulnerabilities
William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that the NTFS file system...
FreeBSD -- Wi-Fi encryption bypass
Problem Description: The net80211 subsystem would fallback to the multicast key for unicast traffic in the event the unicast key was removed. This would result in buffered unicast traffic being exposed to any stations with access to the multicast key. Impact: As described in the "Framing Frames:...
LSN-0097-1: Kernel Live Patch Security Notice
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)...
kernel: OOB access in the Linux kernel's XFS subsystem
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system...
ROS-20230905-01
A vulnerability in the Bluetooth permission verification subsystem of the Linux kernel is associated with errors in the processing of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands by sending specially crafted requests...
USN-6337-1: Linux kernel (Azure) vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service (infinite recursion). (CVE-2020-36691) Billy Jheng Bing Jhong discovered that the CIFS network...