272 matches found
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions CVE-2023-52884 In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak durin...
kernel: af_unix: Fix garbage collector racing against connect()
A flaw was found in the Linux kernel, where the management of inter-process communication uses AFUNIX sockets. The issue arises from a race condition where a partially initialized socket with specific permissions carrying SCMRIGHTS is improperly handled during garbage collection. This situation...
SUSE CVE-2024-36972
In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect closed inflight sockets, and then if the socket has MSGOOB in...
PT-2024-21786 · Ibm · Vios +1
Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.2 through 7.3 VIOS versions 3.1 through 4.1 Description: The Unix domain datagram socket implementation in IBM AIX could potentially expose applications using Unix domain datagram sockets with the SO PEERID operation, which...
DEBIAN-CVE-2024-26923
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCMRIGHTS, two consecutiv...
kernel: use after free in unix_stream_sendpage
A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...
DEBIAN-CVE-2024-26732
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockoptSOPEEKOFF syzbot reported a lockdep violation 1 involving afunix support of SOPEEKOFF. Since SOPEEKOFF is inherently not thread safe it uses a per-socket skpeekoff field, there is really no point...
UBUNTU-CVE-2024-26676
In the Linux kernel, the following vulnerability has been resolved: afunix: Call kfreeskb for dead unixsk-oobskb in GC. syzbot reported a warning 0 in unixgc with a repro, which creates a socketpair and sends one socket's fd to itself using the peer. socketpairAFUNIX, SOCKSTREAM, 0, 3, 4 = 0...
UBUNTU-CVE-2024-27297
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...
Important: redis6
Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...
Important: redis6
Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...
io_uring UAF Unix SCM garbage collection
...
samba: smbd allows client access to unix domain sockets on the file system as root
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
SUSE SLES15 Security Update : redis (SUSE-SU-2023:4376-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4376-1 advisory. - Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions...
Rocky Linux 9 : device-mapper-multipath (RLSA-2022:7185)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7185 advisory. - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local user...
DEBIAN-CVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2023:4290-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4290-1 advisory. - CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation bsc1216376. Tenable...
Fedora 37 : redis (2023-8a9087f089)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8a9087f089 advisory. Redis 7.0.14 Released Wed 18 Oct 2023 10:33:40 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2023-45145 The wrong order...
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
Apple DCERPC allocation hint uninitialized memory disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1675 Apple DCERPC allocation hint uninitialized memory disclosure vulnerability July 13, 2023 CVE Number None SUMMARY An information disclosure vulnerability exists in the call fault reporting functionality of DCERPC library as used in Apple macOS 12.6.1 that...