4310 matches found
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
GSD-2023-1001282 powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid device tree lookups in rtas_os_term(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1000920 powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid device tree lookups in rtas_os_term(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...
GSD-2023-1000462 powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid device tree lookups in rtas_os_term(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.17 by commit...
PT-2023-33485 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: A bug was found in the es tree search function related to a bad quota inode, which may potentially lead to security issues. The actual impact and attack plausibility have not yet been proven...
Fuzzable - Framework For Automating Fuzzable Target Discovery With Static Analysis
Framework for Automating Fuzzable Target Discovery with Static Analysis. Introduction Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer. This is important as it...
Prototype Pollution
tree-kit is vulnerable to prototype pollution. The vulnerability exists in the op function of browser/tree-kit.js, due to improper checks on the key variable, which allow an attacker to modify object prototype attributes...
PT-2023-9448 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The vulnerability is related to a panic condition in the Linux kernel when the extent tree is not created. This issue can lead to a denial of service. The vulnerability is associated...
CVE-2022-47952
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...
Path traversal
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...
PT-2025-54126
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists when tree connecting to the Inter-Process Communication (IPC). Access to TCP_Server_Info::hostname is not adequately protected when building the IPC tree name,...
PT-2025-49747
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s overlay functionality where a call to of_changeset_init() occurs prematurely. Specifically, if of_overlay_fdt_apply() fails, a partial state may remain,...
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
...
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.
...
The vulnerability of the SMB subsystem in Linux operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the SMB subsystem (fs/ksmbd/smb2misc.c) in the Linux operating system is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure during the processing of SMB2_TREE_CONNECT...
3d-kit (>=0.0.1 <=0.0.14), @0x4447/broccoli (>=1.0.0 <=1.0.16) +144 more potentially affected by CVE-2021-4278 via tree-kit (>=0.0.4 <=0.6.2)
tree-kit NPM version =0.0.4, =0.0.1, =1.0.0, =2.0.0, =1.0.0, =1.18.0, =0.0.1, =1.0.5-master.20190403074739, =1.0.0-master.20180909013449, =0.1.0-master.20191109234452, =0.1.0-ipcrm-custom-event.20191122150318, =1.1.0, =0.1.0-master.20190319050251, =0.1.9-update-dependencies.20190319120645,...
GHSA-MW4X-G2X8-QCVF tree-kit vulnerable to Prototype Pollution
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. Upgrading to version 0.7.0 is able to address this issue. The...
tree-kit vulnerable to Prototype Pollution
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. Upgrading to version 0.7.0 is able to address this issue. The...