10854 matches found
EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-1171)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the nl80211policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local...
kernel: use-after-free in function hci_sock_bound_ioctl()
A flaw use-after-free in function hcisockboundioctl of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hciunregisterdev together with one of the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo,...
kernel: possible use-after-free in bluetooth module
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
kernel: double free in bluetooth subsystem when the HCI device initialization fails
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system...
kernel: use-after-free in function hci_sock_bound_ioctl()
A flaw use-after-free in function hcisockboundioctl of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hciunregisterdev together with one of the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo,...
kernel: possible use-after-free in bluetooth module
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to...
USN-5299-1: Linux kernel vulnerabilities
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. CVE-2020-26147 It was discovered that the bluetooth...
USN-5298-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-22600 Jürgen Groß discovered that the Xen subsystem...
USN-5294-2: Linux kernel vulnerabilities
It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-22600 Szymon Heidrich discovered that the USB Gadget...
PT-2022-7490 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to a race condition in the configfs component of the Linux kernel. When configfs register subsystem or configfs unregister subsystem is executing link grou...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5294-2)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5294-2 advisory. It was discovered that the Packet network protocol implementation in the Linux kernel contained a double- free vulnerability. A local attacke...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5297-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5297-1 advisory. Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certa...
CVE-2022-0646
A flaw use after free in the Linux kernel Management Component Transport Protocol MCTP subsystem was found in the way user triggers cancelworksync after the unregisternetdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It...
CVE-2022-0646
A flaw use after free in the Linux kernel Management Component Transport Protocol MCTP subsystem was found in the way user triggers cancelworksync after the unregisternetdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It...
UBUNTU-CVE-2022-0646
A flaw use after free in the Linux kernel Management Component Transport Protocol MCTP subsystem was found in the way user triggers cancelworksync after the unregisternetdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It...
CVE-2022-0646
The CVE-2022-0646 issue affects the Linux kernel MCTP subsystem, caused by a use-after-free in the code path involving cancel_work_sync after unregister_netdev during device removal. It targets Linux Kernel 5.17-rc1 through 5.17-rc5, enabling a local attacker to crash the system or escalate privi...
CVE-2022-0646
A flaw use after free in the Linux kernel Management Component Transport Protocol MCTP subsystem was found in the way user triggers cancelworksync after the unregisternetdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It...
CVE-2022-0646
A flaw use after free in the Linux kernel Management Component Transport Protocol MCTP subsystem was found in the way user triggers cancelworksync after the unregisternetdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It...
Linux kernel denial-of-service vulnerability (CNVD-2022-69195)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel versions prior to 5.16.10 are vulnerable due to a failure to properly validate interface OS descriptor requests in the USB gadget subsystem. A local attacker could exploit this vulnerabilit...