10827 matches found
Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel
...
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
...
PT-2023-34812 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90. Description: A race condition exists between mounting and unmounting in the gadgetfs of the USB subsystem. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2023-34824 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90. Description: A potential security issue has been identified in the Linux Kernel, specifically in the omapfb module of the fbdev subsystem. The issue is related to a stack overflow warning. The actual...
PT-2023-34879 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.230. Description: A race condition exists between mounting and unmounting in the gadgetfs of the USB subsystem. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2023-34849 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.165. Description: A race condition exists between mounting and unmounting in the gadgetfs of the USB subsystem. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2023-34867 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.164. Description: The issue is related to the pn533 usb send frame function in the Linux Kernel's NFC subsystem, specifically with the pn533 driver. It involves waiting for the completion of out urb in this...
PT-2023-34762 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8. Description: A potential security issue has been identified in the Linux Kernel, specifically in the omapfb module of the fbdev subsystem. The issue is related to a stack overflow warning. The actual impa...
PT-2023-34907 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.270. Description: The issue is related to the pn533 usb send frame function in the Linux Kernel's NFC subsystem, where it does not wait for out urb's completion. This could potentially lead to security...
PT-2023-34834 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.89. Description: The issue is related to the pn533 usb send frame function in the Linux Kernel's NFC subsystem, specifically the pn533 driver. It involves waiting for out urb's completion. The actual impact...
PT-2023-34891 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.229. Description: The issue is related to the pn533 usb send frame function in the Linux Kernel's NFC subsystem, where it does not wait for out urb's completion. This could potentially lead to security...
Ubuntu 22.10 : Linux kernel (Raspberry Pi) vulnerabilities (USN-5832-1)
The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5832-1 advisory. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1262)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-34884
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service...
Lenovo XClarity Controller Buffer Error Vulnerability
Lenovo XClarity Controller (XCC) is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. The Lenovo XClarity Controller suffers from a security vulnerability that stems from its Remote Presence subsystem that allows...
Linux kernel denial-of-service vulnerability (CNVD-2023-05410)
Linux kernel, the kernel used by the Linux Foundation's open source operating system Linux, is vulnerable to a denial-of-service attack in versions of Linux kernel prior to 6.1.6. In affected versions of the Linux kernel, a NULL pointer dereference error in the flow control subsystem allows an...
Ubuntu: Security Advisory (USN-5830-1)
The remote host is missing an update for the...
USN-5831-1: Linux kernel (Azure CVM) vulnerabilities
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) Tamás Koczka discovered that the Bluetooth L2CAP handshake...
AZL-13170 CVE-2023-0394 affecting package kernel for versions less than 5.15.92.1-1
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash...
AZL-13168 CVE-2023-0394 affecting package hyperv-daemons for versions less than 5.15.92.1-1
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash...