Mageia: Security Advisory (MGASA-2022-0194)
The remote host is missing an update for the...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allo...
The vulnerability of the get_user_pages_fast() function implementation in the KVM virtualization subsystem of Linux operating systems allows an attacker to cause a service failure or gain increased privileges.
The vulnerability of the get_user_pages_fast() function implementation in the KVM virtualization subsystem of Linux operating systems is related to writing data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure or increase their privileges...
Oracle Linux 8 : kernel (ELSA-2022-1988)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1988 advisory. - netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056728] {CVE-2022-25636} - RDMA/cma: Do not change...
Rocky Linux 8 : kernel-rt (RLSA-2022:1975)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1975 advisory. - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls...
Ansible Sensitive Files Are Locally Readable
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file...
SUSE-SU-2022:1676-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-27835: Fixed a use after free vulnerability in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use...
GHSA-H75F-HJCR-CVH8 Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...
GHSA-2VHR-4MHQ-M35C Moodle does not properly restrict access
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to...
Moodle does not properly restrict access
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to...
Ubuntu: Security Advisory (USN-5415-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5417-1)
The remote host is missing an update for the...
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5413-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5413-1 advisory. Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5417-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5417-1 advisory. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2...
PT-2024-11868 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A bounds check issue in the Linux kernel's ASoC: ops has been resolved. The issue involves the semantics of the max field for sx controls, where max represents the number of steps rath...
PT-2024-11821 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the Linux kernel, specifically with the ASoC: ops, where the bounds checks in the snd_soc_put_volsw_sx() function are only applied to the first channel. This mean...
AlmaLinux 8 : kernel (ALSA-2022:1988)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1988 advisory. - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5415-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5415-1 advisory. Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically...