10854 matches found
Linux kernel elevation of privilege vulnerability (CNVD-2022-68618)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability due to a use-after-free flaw in the Linux kernel's Management Component Transport Protocol (MCTP) subsystem, which could be exploited ...
CVE-2022-0646
A use-after-free flaw in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way a user triggers cancel_work_sync after unregister_netdev during device removal. A local user could use this flaw to crash the system or escalate their privileges on the system. It...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5294-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5294-1 advisory. It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use...
SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0477-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0477-1 advisory. - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instruction...
USN-5267-3: Linux kernel (Raspberry Pi) vulnerabilities
USN-5267-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Raspberry Pi devices. Original advisory details: It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local...
OracleVM 3.4 : kernel-uek (OVMSA-2022-0007)
The remote OracleVM system is missing necessary patches to address security updates: - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129) - In ep_loop_check_proc of eventpoll.c, there is a possible way to...
Security Bulletin: Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)
Summary: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An attacker could exploit this vulnerability to gain write access to read-only memory mappings and elevated privileges on the system...
CVE-2022-25258
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur...
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to...
CVE-2022-25258
The CVE-2022-25258 issue affects the Linux kernel USB Gadget subsystem, specifically drivers/usb/gadget/composite.c, where interface OS descriptor requests with large indices or NULL function pointer handling were not properly validated, enabling memory corruption. It affects kernels before 5.16....
Linux kernel code issue vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel versions prior to 5.16.10 are vulnerable due to a failure to properly validate interface OS descriptor requests in the USB gadget subsystem. A local attacker could exploit this vulnerabilit...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9148)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9148 advisory. - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492} - tee: handle lookup of shm with reference...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9147)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9147 advisory. - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492} - tee: handle lookup of shm with reference...
PT-2022-1368 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.10 Description: The issue is related to the USB Gadget subsystem in the Linux kernel, which lacks certain validation of interface OS descriptor requests. This can lead to memory corruption. The vulnerabilit...
CVE-2021-45402
A memory leak flaw was found in the Linux kernel’s BPF subsystem in the way a user triggers the check_alu_op function of the BPF verifier. This flaw allows a local user to obtain unauthorized memory access or potentially crash the system. Mitigation: The default Red Hat Enterprise Linux kernel...
Updated microcode packages fix security vulnerabilities
Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access (CVE-2021-0127 / SA-00532)...
PT-2022-7357 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.17-rc1 through 5.17-rc5 Description: A flaw in the Linux kernel Management Component Transport Protocol MCTP subsystem was found, related to use after free. This issue can be triggered by a local user, allowing them to...
SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0366-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0366-1 advisory. - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner...
SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2022:0367-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0367-1 advisory. The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2022:0362-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0362-1 advisory. The SUSE Linux Enterprise 12 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were...