kernel: use-after-free vulnerability in function sco_sock_sendmsg()

A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory page. A privilege...

kernel: race condition in snd_pcm_hw_free leading to use-after-free

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hwparams. The hwfree ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges ...

kernel: swiotlb information leak with DMA_FROM_DEVICE

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space...

kernel: use-after-free vulnerability in function sco_sock_sendmsg()

A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory page. A privilege...

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

...

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

...

Microsoft Windows Subsystem for Linux 竞争条件问题漏洞

Microsoft Windows Subsystem for Linux WSL is a Microsoft Windows Subsystem for Linux, a compatibility layer capable of running native Linux binary executables ELF format. A vulnerability exists in the Microsoft Windows Subsystem for Linux for competitive conditions issue. The following products a...

KLA20043 PE vulnerability in Microsoft Open Source Software

Elevation of privilege vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2022-38014 Related products Microsoft-Windows CVE list CVE-2022-38014 high KB list Solution Install necessary updates from t...

PT-2022-5656 · Microsoft · Windows Win32 Kernel Subsystem +1

Name of the Vulnerable Software and Affected Versions: Windows Win32 Kernel Subsystem affected versions not specified Description: The issue is related to insufficient access control in the Windows Win32 Kernel Subsystem, allowing an attacker to elevate their privileges. This can impact the syste...

KLA20046 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Azure RTOS GUIX Studio can be exploited remotely to execut...

PT-2022-5508 · Microsoft · Azure Iot Edge For Linux On Windows +1

Name of the Vulnerable Software and Affected Versions: Windows Subsystem for Linux WSL2 affected versions not specified Azure IoT Edge for Linux on Windows EFLOW affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in the kernel...

SUSE SLES15: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2022:3809-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3809-1 advisory. The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

USN-5706-1: Linux kernel (Azure CVM) vulnerabilities

It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...

SUSE SLES12: kernel-default / kernel-default-base / kernel-default-devel / etc (SUSE-SU-2022:3779-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3779-1 advisory. The SUSE Linux Enterprise 12-SP2 kernel was updated receive various security and bugfixes. The following security bugs were fixed: -...

SUSE-SU-2022:3779-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12-SP2 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking bnc1203769. - CVE-2022-41218: Fixed an use-after-free caused by refcount races ...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

RLSA-2022:7110 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A use-after-free in clsroute filter implementation may lead to privilege escalation CVE-2022-2588 Information leak in scsiioctl CVE-2022-0494 A kernel-info-leak issue in pfkeyregister CVE-2022-13...

ALSA-2022:7110 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A use-after-free in clsroute filter implementation may lead to privilege escalation CVE-2022-2588 Information leak in scsiioctl CVE-2022-0494 A kernel-info-leak issue in pfkeyregister CVE-2022-13...

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A use-after-free in clsroute filter implementation may lead to privilege escalation CVE-2022-2588 Information leak in scsiioctl CVE-2022-0494 A kernel-info-leak issue in pfkeyregister CVE-2022-13...