10817 matches found
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-1806)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-1824)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack...
Use-after-free in Linux kernel's Performance Events subsystem
...
SUSE CVE-2023-2156
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of...
Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6057-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6057-1 advisory. It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker...
PT-2023-2733 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, whi...
PT-2023-2762 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory...
CVE-2023-31436
An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on t...
CVE-2023-2248
An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on t...
Important: kernel
Issue Overview: A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. CVE-2023-1838...
CVE-2023-2236
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend...
CVE-2023-2236 Use-after-free in Linux kernel's Performance Events subsystem
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend...
CLSA-2023-1682711481 kernel: Fix of 7 CVEs
mISDN: fix use-after-free bugs in l1oip timer handlers CVE-2022-3565 - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim CVE-2023-1118 - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work CVE-2023-1989 - proc: proc_skip_spaces shouldn't think it is working on C...
CLSA-2023-1682605601 Fix of 53 CVEs
CVE-2022-1198 - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer Bionic update: upstream stable patchset 2022-03-04 LP: 1963717 // CVE-2020-36516 - ipv4: avoid using shared IP generator for connected sockets CVE-2022-36879 - xfrm: xfrm_policy: fix a possible double xfrm_pols_put in...
USN-6044-1: Linux kernel vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.6.5 - Red Hat OpenShift security update
Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...
Rocky Linux 8 : kernel-rt (RLSA-2023:1584)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1584 advisory. - A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration redirecting egress packets to ingress usi...
RHEL 9 : kpatch-patch (RHSA-2023:1984)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1984 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...
RHEL 9 : kernel-rt (RHSA-2023:1980)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1980 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...