kernel: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()

A vulnerability was found in the Linux kernel's ASoC operations within the soc-ops.c file, where the function sndsocputvolsw fails to validate the range of values being set, results in out-of-bounds values to be accepted,...

kernel: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snddmafreepages when snddmaallocpages returns -ENOMEM because it leads to a NULL pointer dereference bug. The dmesg says: T1387 sof-audio-pci-intel-tgl...

kernel: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipccontroldata via loadbytes We have sanity checks for byte controls and if any of the fail the locally allocated scontrol-ipccontroldata is freed up, but not set to NULL. On a...

kernel: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE

A flaw was found in the lpfc module in the Linux kernel. A missing release of allocated memory when an error occurs will cause a memory leak, potentially impacting system performance and resulting in a denial of service...

kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service...

kernel: use after free in SUNRPC subsystem

A use-after-free flaw was found in the Linux kernel’s net/sunrpc/xprt.c function in the Remote Procedure Call SunRPC protocol. This flaw allows a local attacker to crash the system, leading to a kernel information leak issue...

kernel: race condition in snd_pcm_hw_free leading to use-after-free

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hwparams. The hwfree ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges ...

kernel: use-after-free vulnerability in function sco_sock_sendmsg()

A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory page. A privilege...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9998)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9998 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34610032 CVE-2022-3028 Tenable has extracted the preceding description block directly from...

NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2022-0089)

The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities: - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4putsuper in...

DEBIAN-CVE-2022-3238

A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2022-3238

A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...

UBUNTU-CVE-2022-3238

A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...

PT-2022-35538 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue is related to refcount leak bugs in the drm/omap dss component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions pri...

PT-2022-35253 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the ALSA usb-audio component. It was introduced in a specific commit and fixed in Linux Kernel version v5.15.75 by another commit. The actual impact and attack...

PT-2022-35671 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: The issue is related to the drm/msm/dpu component, specifically with the indexing of dpu kms-hw vbif using vbif idx. The actual impact and attack plausibility have not yet been proven...

PT-2022-35093 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to inconsistent HW shutdown in the drm/msm component. It was introduced in version v5.9 and fixed in version v6.0.3. The actual impact and attack plausibility have not ye...

PT-2022-35181 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.2 Description: The issue concerns a problem with cfg80211/mac80211 where bad MBSSID elements are not properly rejected. The actual impact and potential for attack have not been proven yet. Recommendations:...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-2767)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enabl...

PT-2022-6640 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2 Description: The issue is related to the ntfs3 subsystem in the Linux kernel, which does not properly check for correctness during disk reads. This leads to an out-of-bounds read in the ntfs set ea function ...