FreeBSD Security Vulnerabilities

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD versions 13.1 and 13.2, which stems from a buffer overflow vulnerability in the fwctl driver state machine. The vulnerability can be exploited to execute arbitrary code as root ...

Fedora: Security Advisory for kernel-headers (FEDORA-2023-3661f028b8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: kernel-headers-6.4.4-200.fc38

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

[SECURITY] Fedora 37 Update: kernel-headers-6.4.4-100.fc37

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

Qualcomm Adreno/KGSL Data Leakage

Qualcomm Adreno/KGSL: pages can be freed to page pool while having GPU references on !CONFIGQCOMKGSLUSESHMEM Tested on a Pixel 4 again with a slightly outdated version of KGSL. I ordered a Pixel 5a but don't have it yet... On KGSL builds where CONFIGQCOMKGSLUSESHMEM is not set or on older KGSL...

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

[SECURITY] Fedora 38 Update: keyring-ima-signer-0.1.0-9.fc38

The IMA Integrity Measurement Architecture is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware root of trusts TPM. This tool allows signing of files in userspace, inclusding options of including the...

RHEL 8 : openvswitch2.15 (RHSA-2023:1824)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1824 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

Fedora 38 : openvswitch (2023-7da03dc2ae)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7da03dc2ae advisory. Update for 3.1.1 2185071, includes fixes for CVE-2023-1668 2186245 Tenable has extracted the preceding description block directly from the Fedora...

CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

DEBIAN-CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

Cross site scripting

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

CVE-2023-1998

CVE-2023-1998 affects the Linux kernel. Root cause: when using legacy IBRS, the IBRS bit is cleared on returning to userspace, disabling implicit STIBP and leaving some spectre-BTI protections ineffective; attackers on a local machine could exploit cross-thread branch target injection despite mit...

CVE-2023-1998 Spectre v2 SMT mitigations problem in Linux kernel

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

OESA-2023-1234 openvswitch security update

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifyin...

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit

Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as...

CVE-2023-2194

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data-block0" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dmabuffer. This flaw could allow a local privilege...

CVE-2023-2194

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data-block0" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dmabuffer. This flaw could allow a local privilege...

CVE-2023-2194

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data-block0" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dmabuffer. This flaw could allow a local privilege...