Linux Distros Unpatched Vulnerability : CVE-2022-49030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unfreezing skb memory, which could lead to a memory leak...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unfreezing test buffer memory, which could lead to a memory leak...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the reuse of skb memory after release in the canrestart function...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the reuse of skb memory after release in the peakusb driver...

PT-2025-3042 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2 watchOS versions prior to 11.2 tvOS versions prior to 18.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 Description: The issue is related to a buffer memory out-of-bounds write. It may allow an attacke...

CVE-2022-48923 btrfs: prevent copying too big compressed lzo segment

In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have allocated for buffer. This will cause memcpy in copycompressedsegment to write outside of allocated...

ALSA-2024:4583 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36886 kernel: ethernet: hisilicon: hns: hnsdsafmisc: fix a possible array overflow in hnsdsafgesrstbypo...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unaligned event ring read pointer, leading to issues such as a denial of service DoS or ring buffer memor...

AZL-32253 CVE-2023-4641 affecting package shadow-utils for versions less than 4.9-14

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

Design/Logic Flaw

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon mgd process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU...

PT-2023-6398 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation V2201 versions prior to V2201.0009 Tecnomatix Plant Simulation V2302 versions prior to V2302.0003 Description: The issue is related to an out of bounds read past the end of an allocated structure while parsing...

SUSE CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...

CVE-2022-25717

CVE-2022-25717 corresponds to a memory corruption issue in the Qualcomm display path caused by a double-free when allocating frame buffer memory. Affected component is the display subsystem (Qualcomm/Snapdragon) with the root cause in the frame buffer allocation flow. The vulnerability is documen...

CLSA-2022-1669240259 vim: Fix of CVE-2022-3352

CVE-2022-3352: disallow deleting the current buffer to avoid using freed memory...

kernel: igb: fix a use-after-free issue in igb_clean_tx_ring

A vulnerability was found in the Linux kernel in the Intel igb driver function igbcleantxring when running in XDP mode. A use-after-free issue can arise from attempting to free skb memory using devkfreeskbany. This issue potentially leads to system instability and memory corruption...

USN-5219-1 linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.10, linux-oracle, linux-oracle-5.11, linux-raspi vulnerability

It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

CLSA-2021-1637673150 Fix of CVE: CVE-2021-3903, CVE-2021-3875, CVE-2021-3872

CVE-2021-3872: fix illegal memory access if buffer name is very long - CVE-2021-3875: fix mlget error after search with range - CVE-2021-3903: fix invalid memory access when scrolling without a valid screen...

CVE-2021-1614

A vulnerability in the Multiprotocol Label Switching MPLS packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that...

Cisco SD-WAN Software Information Disclosure Vulnerability

A vulnerability in the Multiprotocol Label Switching MPLS packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that...