SUSE SLES15 Security Update : kernel RT (Live Patch 17 for SLE 15 SP4) (SUSE-SU-2024:0339-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:0339-1 advisory. - A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition ca...

PT-2024-20330 · Unknown · Mediaserver

Name of the Vulnerable Software and Affected Versions: media-server version 1.0.0 Description: A Use-After-Free UAF issue was discovered in the sip uac stop timer function. This issue is related to the /uac/sip-uac-transaction.c file. Recommendations: For media-server version 1.0.0, consider...

Important: kernel-livepatch-4.14.327-246.539

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdiunregister is called to stop further write-back and waits for associated delayed work to complete. However, wbinodewritebackend may schedule bandwidth estimation work after this has completed, which can result in the...

It was discovered that when exec'ing from a non-leader thread armed POSIX CPU timers would be left on a list but freed leading to a use-after-free.

...

Design/Logic Flaw

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdiunregister is called to stop further write-back and waits for associated delayed work to complete. However, wbinodewritebackend may schedule bandwidth estimation work after this has completed, which can result in the...

CVE-2024-0562

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdiunregister is called to stop further write-back and waits for associated delayed work to complete. However, wbinodewritebackend may schedule bandwidth estimation work after this has completed, which can result in the...

OESA-2024-1030 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: openeuler-linux-kernel-4.19.0-cbsdestroy-NULL-ptr-deref-391216CVE-2021-33630 openeuler-linux-kernel-5.10.149-ext4writeinlinedata-kernelbug-365020CVE-2021-33631 An out-of-bounds read vulnerability was found in the NVMe-oF/TCP...

CVE-2022-2585

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free...

CVE-2023-28583

Memory corruption when IPv6 prefix timer objects lifetime expires which are created while Netmgr daemon gets an IPv6 address...

Memory corruption

Memory corruption when IPv6 prefix timer objects lifetime expires which are created while Netmgr daemon gets an IPv6 address...

CVE-2023-28583 Double Free in Data Network Stack & Connectivity

Memory corruption when IPv6 prefix timer objects lifetime expires which are created while Netmgr daemon gets an IPv6 address...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when the life cycle of an IPv6 Prefix Timer object, which is created when the Netmgr daemon obtains an IPv6 address,...

PT-2024-12172 · Unknown · Netmgr Daemon

Name of the Vulnerable Software and Affected Versions: Netmgr daemon affected versions not specified Description: The issue is related to memory corruption that occurs when the lifetime of IPv6 prefix timer objects expires. These objects are created while the Netmgr daemon is obtaining an IPv6...

CVE-2023-6932

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past...

AZL-32263 CVE-2023-6932 affecting package kernel for versions less than 5.15.143.1-1

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past...

Race condition

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past...

UBUNTU-CVE-2023-6932

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past...

CVE-2023-6932 Use-after-free in Linux kernel's ipv4: igmp component

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past...

Fortinet FortiOS Access Control Error Vulnerability

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An Access Control Error...