kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE

A use-after-free vulnerability was found in the netfilter: nftables component in the Linux kernel due to a missing error handling in the abort path of NFTMSGNEWRULE. This flaw allows a local attacker with CAPNETADMIN access capability to cause a local privilege escalation problem...

PT-2023-9466 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the RDMA/srp component of the Linux kernel, where a use-after-free condition can occur. This happens when the scmd eh abort handler function calls the SCSI LLD ...

CVE-2022-37051

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file...

Code injection

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data, as exploited in the wild in August 2023...

kernel: scsi: qla2xxx: Fix crash when I/O abort times out

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0 qla2xxx...

PT-2023-35897 · Git +1 · Libjpeg-Turbo

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to an Invalid-free crash type. The crash state involves functions such as jpeg free large, jpeg abort, and jpeg finish decompress. No information is provided about...

CVE-2023-1428

There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...

CVE-2023-1428

CVE-2023-1428: gRPC for C++ is affected by a denial of service due to specific HTTP/2 header handling. When certain headers (for example te: x; :scheme: x; grpclb_client_stats: x) are sent and the total header size exceeds 8 KB, gRPC’s C++ implementation can abort(). The vulnerability is a NETWOR...

CVE-2023-1428 Denial-of-Service in gRPC

There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...

gRPC 安全漏洞

gRPC is a modern, open-source, high-performance Remote Procedure Call RPC framework from gRPC Open Source. A security vulnerability exists in gRPC, which stems from the ability to call abort functions via http2...

PT-2023-4885 · Grpc +1 · Grpc +1

Name of the Vulnerable Software and Affected Versions: gRPC versions prior to v1.53 Description: The issue is related to the gRPC C++ implementation, where certain headers can cause an abort to be called when sent via http2. The affected headers include te: x where x is not trailers, :scheme: x...

kernel: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata

An ABBA deadlock flaw was found in the Linux kernel's device-mapper thin provisioning subsystem between the memory reclaim path and metadata abort handling. A local user can trigger this issue by initiating cache drop operations while dm-thin operations are active, causing process P1 to hold...

kernel: scsi: qla2xxx: Fix crash when I/O abort times out

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0 qla2xxx...

dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort

An integer overflow vulnerability was found in the DHCP server. When the "optioncodehashlookup" function is called from "addoption", it increases the option's "refcount" field. However, there is not a corresponding call to "optiondereference" to decrement the "refcount" field. The "addoption"...

RHEL 8 : dhcp (RHSA-2023:3000)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3000 advisory. The Dynamic Host Configuration Protocol DHCP is a protocol that allows individual devices on an IP network to get their own network...

wireshark security and bug fix update

1:3.4.10-4 - Resolves: 2152064 - CVE-2022-3190 wireshark: f5ethtrailer Infinite loop in legacy style dissector 1:3.4.10-3 - Resolves: 2083581 - capinfos aborts in FIPS 1:3.4.10-2 - Resolves: 2160648 - Enhanced TMT testing for centos-stream...

The vulnerability in the implementation of the SCTP protocol in Linux kernel allows a attacker to cause a service failure (to disconnect the connection).

The vulnerability in the implementation of the SCTP protocol net/sctp/smstatefuns.c in the Linux kernel is related to the lack of checking VTAG in the blocks received from the user, and the incorrect ABORT flag used to process these blocks. Exploiting this vulnerability allows a remote attacker t...

CVE-2021-46794

Insufficient bounds checking in ASP AMD Secure Processor may allow for an out of bounds read in SMI System Management Interface mailbox checksum calculation triggering a data abort, resulting in a potential denial of service...

CVE-2021-46794

Insufficient bounds checking in ASP AMD Secure Processor may allow for an out of bounds read in SMI System Management Interface mailbox checksum calculation triggering a data abort, resulting in a potential denial of service...

CVE-2021-46749

Insufficient bounds checking in ASP AMD Secure Processor may allow for an out of bounds read in SMI System Management Interface mailbox checksum calculation triggering a data abort, resulting in a potential denial of service...