USN-6534-1: Linux kernel vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...

kernel: USB: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead which...

kernel: usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq

In the Linux kernel, the following vulnerability has been resolved: usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq Can not set the @sharedhcd to NULL before decrease the usage count by usbputhcd, this will cause the shared hcd not released...

OESA-2023-1799 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c.CVE-2023-37453 An issue was discovered in the Linux kernel before...

OESA-2023-1798 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c.CVE-2023-37453 An issue was discovered in the Linux kernel before...

PT-2025-38392

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists when using the debugfs lookup function in the USB ULPI subsystem. The result of calling debugfs lookup requires dput to be called on it to prevent memory leaks over...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3988-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3988-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3969-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3969-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. Th...

Ubuntu: Security Advisory (USN-6415-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3971-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3971-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. Th...

USN-6415-1: Linux kernel (OEM) vulnerabilities

Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel...

USN-6415-1 linux-oem-6.1 vulnerabilities

Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel...

Important: kernel

Issue Overview: An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c. CVE-2023-37453 nftables out-of-bounds read in nfosfmatchone CVE-2023-39189 A flaw was found in the Netfilter subsyste...

Important: kernel

Issue Overview: An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c. CVE-2023-37453 nftables out-of-bounds read in nfosfmatchone CVE-2023-39189 A flaw was found in the Netfilter subsyste...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6415-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6415-1 advisory. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow...

SUSE SLES15 Security Update : kernel (SUSE-SU-2023:3600-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3600-2 advisory. The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3683-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3683-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. Th...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3656-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3656-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3600-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3600-1 advisory. The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were...

Oracle Linux 8 : kernel (ELSA-2019-3517)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3517 advisory. - virt KVM: coalescedmmio: add bounds checking Bandan Das 1746804 CVE-2019-14821 - vhost vhost: make sure lognum innum Eugenio Perez 1750882...