44 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in the guest XSAVE state whenever XFDi=1 When loading the guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATEBV are cleared to ensure tha...
CVE-2023-53749
CVE-2023-53749 is discussed across multiple sources as a Linux kernel issue: the x86 memory-clearing path in clear_user_rep_good() had incorrect exception-table annotations, which could lead to a kernel oops instead of -EFAULT when a user-space access faults. Upstream fixes remove the problematic...
Ubuntu 24.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-7789-1)
"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7789-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...
PT-2025-37196
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the mm/kmemleak component where the kmemleak do cleanup function could lead to a soft lockup. This issue was observed on x86-64 systems with 16 GB o...
The vulnerability of the `core::fmt::write()` function in the arch/x86/Kconfig module of Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the core::fmt::write function in the arch/x86/Kconfig module of Linux kernels is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the arch/x86/kernel/fpu/regset.c component of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability in the arch/x86/kernel/fpu/regset.c component of the Linux operating system is related to data type conversion errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
USN-7510-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device...
USN-7381-1: Linux kernel (Low Latency) vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
The vulnerability of the nested_svm_get_tdp_pdptr() function in the arch/x86/kvm/svm/nested.c module of the Linux operating system allows a attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the nestedsvmgettdppdptr function in the arch/x86/kvm/svm/nested.c module of the Linux operating system is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of the protect...
USN-7289-4: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; -...
USN-7305-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; -...
USN-7166-3: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI...
USN-7089-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...
USN-7029-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 It was discovered that the JFS file system contained an...
USN-7003-3: Linux kernel vulnerabilities
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service system crash. CVE-2024-40902 Several security issues were discovered in the Linux kernel. An attacker could...
USN-7004-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 It was discovered that the JFS file system contained an...
kernel: x86: stop playing stack games in profile_pc()
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
x86/bhi: Avoid warning in #DB handler due to BHI mitigation
...
USN-6895-1: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the HugeTLB file syst...
SUSE CVE-2020-12768
An issue was discovered in the Linux kernel before 5.6. svmcpuuninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will...