
1398 matches found

Fedora
added 2024/08/08 2:46 a.m., 8 views

[SECURITY] Fedora 40 Update: orc-0.4.39-1.fc40

Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic...

7 CVSS, 6.9 AI score, 0.00061 EPSS
Exploits 0

BDU FSTEC
added 2024/08/07 12:0 a.m., 1 view

The vulnerability of the `allocate_structures` function in the sysstat system performance monitoring and analysis tool allows an attacker to execute arbitrary code or cause service interruptions.

The vulnerability of the `allocate_structures` function in the sysstat system performance monitoring and analysis tool is related to insufficient checking of boundaries before arithmetic multiplication. This allows the buffer allocated for representing system actions to overflow. Exploiting this...

7.8 CVSS, 7.9 AI score, 0.01192 EPSS
Exploits 1, References 10, Affected Software 8

BDU FSTEC
added 2024/07/05 12:0 a.m., 1 view

Vulnerability in the ASoC: mediatek component of the Linux kernel that allows attackers to cause malfunctions during maintenance operations.

The vulnerability in the ASoC: mediatek component of the Linux kernel is related to pointer arithmetic errors. Exploiting this vulnerability can allow attackers to cause service failures...

5.5 CVSS, 6.2 AI score, 0.00018 EPSS
Exploits 0, References 22, Affected Software 4

BDU FSTEC
added 2024/07/01 12:0 a.m., 1 view

The vulnerability of the alauda_init_media() function in the Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the alauda_init_media function in Linux operating systems is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.5 CVSS, 6.6 AI score, 0.0002 EPSS
Exploits 0, References 46, Affected Software 6

SUSE CVE
added 2024/06/21 3:6 a.m., 2 views

SUSE CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

6.1 CVSS, 6.5 AI score, 0.00011 EPSS
Exploits 0, References 17

RedhatCVE
added 2024/06/20 3:28 p.m., 20 views

CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

4.4 CVSS, 7.1 AI score, 0.00011 EPSS
Exploits 0, References 4

NVD
added 2024/06/19 2:15 p.m., 15 views

CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

5.5 CVSS, 0.00011 EPSS
Exploits 0, References 12

OSV
added 2024/06/19 2:15 p.m., 2 views

UBUNTU-CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

5.5 CVSS, 6.3 AI score, 0.00011 EPSS
Exploits 0, References 29

UbuntuCve
added 2024/06/19 2:15 p.m., 10 views

CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

5.5 CVSS, 6.3 AI score, 0.00011 EPSS
Exploits 0, References 28

Debian CVE
added 2024/06/19 1:37 p.m., 11 views

CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

5.5 CVSS, 5.7 AI score, 0.00011 EPSS
Exploits 0

OSV
added 2024/06/19 1:37 p.m., 13 views

CVE-2024-38579 crypto: bcm - Fix pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

5.5 CVSS, 5.9 AI score, 0.00011 EPSS
Exploits 0, References 13

CVE
added 2024/06/19 1:37 p.m., 167 views

CVE-2024-38579

CVE-2024-38579 : Linux kernel vulnerability in crypto: bcm where spu2_dump_omd() increments ptr by ciph_key_len instead of hash_iv_len, risking buffer overrun. Root cause: incorrect pointer arithmetic in bcm cryptographic path. Affects the kernel crypto module, potential memory safety impact. Fix...

5.5 CVSS, 6.5 AI score, 0.00011 EPSS
Exploits 0, References 12, Affected Software 1

Cvelist
added 2024/06/19 1:37 p.m., 21 views

CVE-2024-38579 crypto: bcm - Fix pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

0.00011 EPSS
Exploits 0, References 9

Vulnrichment
added 2024/06/19 1:37 p.m., 15 views

CVE-2024-38579 crypto: bcm - Fix pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd(), the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

6.7 AI score, 0.00011 EPSS
Exploits 0, References 9

Tenable Nessus
added 2024/06/03 12:0 a.m., 9 views

RHEL 9 : leptonica (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - leptonica: arithmetic exception leads to denial of service CVE-2022-38266 Note that Nessus has not tested for this...

6.5 CVSS, 7.2 AI score, 0.00308 EPSS
Exploits 1, References 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 27 views

RHEL 9 : protobuf-c (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - protobuf-c: invalid arithmetic shift via the function parse_tag_and_wire_type may lead to DoS CVE-2022-33070 Note that...

5.5 CVSS, 6.6 AI score, 0.00091 EPSS
Exploits 1, References 1

OSV
added 2024/05/23 9:28 a.m., 10 views

USN-6736-2 klibc vulnerabilities

USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibl...

9.8 CVSS, 6.9 AI score, 0.92745 EPSS
Exploits 2, References 5

Ubuntu
added 2024/05/23 9:28 a.m., 72 views

USN-6736-2: klibc vulnerabilities

USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibl...

9.8 CVSS, 7.9 AI score, 0.92745 EPSS
Exploits 2

Tenable Nessus
added 2024/05/23 12:0 a.m., 42 views

Ubuntu 24.04 LTS : klibc vulnerabilities (USN-6736-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6736-2 advisory. USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding...

9.8 CVSS, 7.6 AI score, 0.92745 EPSS
Exploits 2, References 5

RedHat Linux
added 2024/05/22 10:16 a.m., 3 views

kernel: local privileges escalation in kernel/bpf/verifier.c

A flaw was found in the Linux kernel's adjust_ptr_min_max_vals function in kernel/bpf/verifier.c. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue...

7.8 CVSS, 6.8 AI score, 0.01107 EPSS
Exploits 5, References 5