54 matches found
CVE-2024-26674
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to ASMEXTABLEUA for get,putuser fixups During memory error injection test on kernels = v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels getusernocheck4+0x6/0x20 mce: Hardwa...
CVE-2024-26674
CVE-2024-26674 affects the Linux kernel x86/mm code, specifically a fixup path for get_user()/put_user(). In kernel builds >= 6.4 memory-error-injection can trigger a machine-check and panic due to a revert from _ASM_EXTABLE_UA() to a more generic fixup type. The issue arose when MCA handling ...
CVE-2024-26674
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to ASMEXTABLEUA for get,putuser fixups During memory error injection test on kernels = v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels getusernocheck4+0x6/0x20 mce: Hardwa...
CVE-2023-0459
A vulnerability was found in copyfromuser in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "accessok" sanity check and pass a kernel pointer to copyfromuser, resulting in kernel data leaking. Mitigation Mitigation for this issue is either not available or th...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6132-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6132-1 advisory. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6118-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6118-1 advisory. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a...
DEBIAN-CVE-2023-0459
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
CVE-2023-0459
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
AZL-26953 CVE-2023-0459 affecting package kernel for versions less than 5.15.116.1-1
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
Design/Logic Flaw
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
CVE-2023-0459
CVE-2023-0459: Linux kernel on 64-bit systems is affected by a local elevation of information disclosure due to Copy_from_user bypassing __uaccess_begin_nospec, bypassing access_ok and allowing a user to pass a kernel pointer to copy_from_user. Root cause is the __uaccess_begin_nospec handling. I...
CVE-2023-0459 Copy_from_user Spectre-V1 Gadget in Linux Kernel
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
CVE-2023-0459
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-6109-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6109-1 advisory. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a...
CVE-2023-0459
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
kernel: Copy_from_user on 64-bit versions may leak kernel information
A vulnerability was found in copyfromuser in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "accessok" sanity check and pass a kernel pointer to copyfromuser, resulting in kernel data leaking...
GSD-2022-1001940 uaccess: fix integer overflow on access_ok()
uaccess: fix integer overflow on accessok This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.32 by commit...
GSD-2022-1001636 uaccess: fix integer overflow on access_ok()
uaccess: fix integer overflow on accessok This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.18 by commit...
GSD-2022-1001328 uaccess: fix integer overflow on access_ok()
uaccess: fix integer overflow on accessok This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.1 by commit...
CVE-2018-20669
CVE-2018-20669 affects the Linux kernel i915_gem_execbuffer2_ioctl path (drivers/gpu/drm/i915/i915_gem_execbuffer.c) up to kernel 4.19.13. A local attacker can craft an IOCTL call that fails address checks (address provided to access_ok() is not checked), enabling overwriting arbitrary kernel mem...