CLSA-2023-1690294029 kernel: Fix of 29 CVEs

ALSA: pcm: Fix races among concurrent prealloc proc writes CVE-2022-1048 - ALSA: pcm: Fix races among concurrent prepare and hwparams/hwfree calls CVE-2022-1048 - ALSA: pcm: Fix races among concurrent read/write and buffer changes CVE-2022-1048 - ALSA: pcm: Fix races among concurrent hwparams and...

LSN-0096-1: Kernel Live Patch Security Notice

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service system crash ...

LSN-0096-1 Kernel Live Patch Security Notice

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service system crash ...

Linux kernel 代码问题漏洞

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a vulnerability in the XFRM subsystem that allows a malicious user with the CAPNETADMIN privilege to trigger a null pointer...

Cisco NX-OS Software Remote Package Manager Command Injection (CVE-2019-1732)

A vulnerability in the Remote Package Manager RPM subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use TOCTOU race condition to corrupt local variables, which could lead to arbitrary command injectio...

The vulnerability of the xfrm_state_walk_done() function in the net/xfrm/xfrm_user.c module of the XFRM subsystem in the Linux operating system allows a attacker to compromise the integrity, confidentiality, or accessibility of data, or to enhance their privileges.

The vulnerability of the xfrmstatewalkdone function in the net/xfrm/xfrmuser.c module of the XFRM subsystem in the Linux operating system is related to the use of uninitialized variables. Exploiting this vulnerability could allow an attacker to compromise the integrity, confidentiality, or...

PT-2023-3971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw was found in the Linux kernel's IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAP NET ADMIN privileges to cause a 4 byte...

Dahua Smart Parking Management 代码问题漏洞

Dahua Smart Parking Management is a parking solution from Dahua, China. A code issue exists in Dahua Smart Parking Management versions prior to 20230713, which stems from unknown code in the file /emap/devicePointaddImgIco?hasSubsystem=true, which results in unrestricted uploads via the parameter...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-251)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-251 advisory. A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and write...

Amazon Linux 2 : kernel (ALAS-2023-2130)

The version of kernel installed on the remote host is prior to 4.14.320-242.534. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2130 advisory. A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6235-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6235-1 advisory. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker...

CVE-2023-21400

A double-free vulnerability was found in the iouring subsystem in the Linux kernel. This issue may allow a malicious local user to crash the kernel or elevate their privileges on the system...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash o...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash o...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash o...

CVE-2023-0160

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system...

CVE-2023-0160

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system...

Design/Logic Flaw

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system...

CVE-2023-0160

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system...

UBUNTU-CVE-2023-0160

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system...