32 matches found
EUVD-2018-10279
Malware in sbrugna...
EUVD-2020-23274
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-48839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/packet: fix slab-out-of-bounds access in packet_recvmsg syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv i...
CVE-2024-50186
In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf->create fails We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b "net: do not leave a dangling sk pointer, when socket creation fails". The problem is that...
CentOS 7 : kernel-alt (RHSA-2020:0174)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0174 advisory. - In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket...
CVE-2022-48839
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv is queueing skbs with garbage in skb->cb, triggering a too big copy 1...
CVE-2022-48651 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit to packet_direct_xmit via...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2022-009 (ALASKERNEL-5.15-2022-009)
The version of kernel installed on the remote host is prior to 5.15.73-48.135. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-009 advisory. A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root...
CVE-2021-22600
A double-free flaw was found in the Linux kernel’s packet protocol subsystem in the way a user call triggers the packet_set_ring function of the net/packet/af_packet.c. This flaw allows a local user to crash or escalate their privileges on the system. Mitigation Only users with access to the AFPACKE...
CVE-2020-35608
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses...
CVE-2020-35608
Summary (verified) : CVE-2020-35608 affects Microsoft Azure Sphere 20.07. Affected component: the normal world’s signed code execution path. Root cause : a specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. Impact : local code ...
CVE-2018-18559
A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind and packet_notifier functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a...
F5 Networks BIG-IP : Linux kernel vulnerability (K28241423)
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Vulnerability (NS-SA-2019-0055)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by a vulnerability: - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind and packet_notifier functions called for an AF_PACKET socke...
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000026 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper validation of user-supplied input by the bnx2x...
EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA drive...
CVE-2018-18559
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain...