Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12759)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12759 advisory. - xfrm: fix crash in XFRMMSGGETSA netlink handler Vegard Nossum Orabug: 35598955 CVE-2023-3106 - netfilter: nftables: validate registers coming fr...

Ubuntu: Security Advisory (USN-6332-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6330-1: Linux kernel (GCP) vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...

kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()

A flaw was found in the TC flower classifier clsflower in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCAFLOWERKEYENCOPTSGENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters flsetgeneveopt,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the netfilter subsystem failing to properly handle adding rules to the binding chain under certain...

Ubuntu: Security Advisory (USN-6316-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6318-1: Linux kernel vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...

USN-6316-1: Linux kernel (OEM) vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...

USN-6315-1: Linux kernel vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...

kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()

A flaw was found in the TC flower classifier clsflower in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCAFLOWERKEYENCOPTSGENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters flsetgeneveopt,...

kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()

A flaw was found in the TC flower classifier clsflower in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCAFLOWERKEYENCOPTSGENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters flsetgeneveopt,...

RHEL 8 : kernel (RHSA-2023:4815)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4815 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write...

RHEL 8 : kernel-rt (RHSA-2023:4817)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4817 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-299)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-299 advisory. An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfssetea in...

CVE-2023-40283

A flaw was found in l2capsockrelease in net/bluetooth/l2capsock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled. Mitigation Mitigation for this issue is either not available or the currently...

Important: kernel-livepatch-5.10.178-162.673

Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3311-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3311-1 advisory. - Information exposure through microarchitectural state after transient execution in certain...

UBUNTU-CVE-2023-40283

An issue was discovered in l2capsockrelease in net/bluetooth/l2capsock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled...

PT-2023-7042 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability in the Linux kernel's XFRM subsystem is related to a null pointer dereference. Exploitation of this issue may allow an attacker to cause a denial of service...