CVE-2023-1249

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 "coredump: Use the vma snapshot in fillfilesnote" not applied yet, then kernel could be affected...

CVE-2023-1249

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 "coredump: Use the vma snapshot in fillfilesnote" not applied yet, then kernel could be affected...

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

Design/Logic Flaw

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in the Windows operating system, which allows a perpetrator to access confidential information

The vulnerability of the Client Server Run-Time Subsystem CSRSS in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to access confidential information...

The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in the Windows operating system, which allows a perpetrator to access confidential information

The vulnerability of the Client Server Run-Time Subsystem CSRSS in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to access confidential information...

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-070)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-070 advisory. 2024-04-10: CVE-2023-0461 was added to this advisory. 2024-02-01: CVE-2024-0562 was added to this advisory. 2024-02-01: CVE-2022-48619 was added to this advisory. 2023-10-10: CVE-2023-3357 was...

CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2022-47929)

The version of hyperv-daemons / kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-47929 advisory. - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control...

CBL Mariner 2.0 Security Update: kernel (CVE-2022-0500)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-0500 advisory. - A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory wri...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1551)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12196)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12196 advisory. - l2tp: Serialize access to skuserdata with skcallbacklock Jakub Sitnicki Orabug: 34951574 CVE-2022-4129 - wifi: rndiswlan: Prevent buffer overflo...

USN-5962-1 linux-intel-iotg vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

UBUNTU-CVE-2023-28466

dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Ubuntu 22.10 : Linux kernel (KVM) vulnerabilities (USN-5950-1)

The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5950-1 advisory. It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain...

RHEL 8 : kpatch-patch (RHSA-2023:1251)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1251 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...