10856 matches found
USN-5092-1 linux, linux-aws, linux-aws-5.11, linux-gcp, linux-kvm, linux-oracle, linux-raspi vulnerabilities
Valentina Palmiotti discovered that the iouring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. CVE-2021-41073 Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in...
USN-5091-1: Linux kernel vulnerabilities
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. CVE-2021-33624 It was...
USN-5091-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. CVE-2021-33624 It was...
PT-2021-7323 · Linux +9 · Linux Kernel Overlayfs Subsystem +9
Name of the Vulnerable Software and Affected Versions: Linux kernel OverlayFS subsystem affected versions not specified Description: A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific ways with OverlayFS. This issue coul...
SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2021:3179-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3179-1 advisory. The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5071-3)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5071-3 advisory. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations,...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9458)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9458 advisory. - Bluetooth: defer cleanup of resources in hciunregisterdev Tetsuo Handa Orabug: 33369947 CVE-2021-3573 - Bluetooth: fix the erroneous flushwork order...
Apple iOS和Apple iPadOS 缓冲区错误漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in Apple iOS 15 and iPadOS 15, which stems from a logic issue within the Telephony...
The vulnerability of the `blk_mq_free_rqs` and `blk_cleanup_queue` functions in the Linux kernel’s block subsystem, related to memory usage after deallocation, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the blkmqfreerqs and blkcleanupqueue functions in the Linux kernel’s block subsystem relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...
Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel (GCP) vulnerabilities (USN-5073-2)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5073-2 advisory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM ...
New Malware Targets Windows Subsystem for Linux to Evade Detection
A number of malicious samples have been created for the Windows Subsystem for Linux WSL with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft"...
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9450)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9450 advisory. 5.4.17-2102.205.7.2 - btrfs: fix race between marking inode needs to be logged and log syncing Filipe Manana Orabug: 33349276 5.4.17-2102.205.7.1 -...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9451)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9451 advisory. - KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 Maxim Levitsky Orabug: 33226010 CVE-2021-3653 - Revert KVM: nSVM:...
Amazon Linux 2 : kernel (ALAS-2021-1704)
The version of kernel installed on the remote host is prior to 4.14.246-187.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1704 advisory. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing t...
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to...
CVE-2021-38635
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability...
CVE-2021-38636
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability...
CVE-2021-38635
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability...
CVE-2021-38636
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability...