19 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect use of the cleanupkfree attribute in the crypto/ccp driver. This improper usage...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Use kzalloc for sev ioctl interfaces to prevent kernel memory leaks. For some sev ioctl interfaces, input data may be less than or equal to SEVFWBLOBMAXSIZE, but larger than the data returned by the PSP firmware. In...
CVE-2026-31698
A flaw was found in the Linux kernel's crypto subsystem, specifically within the ccp driver. A local user could exploit this vulnerability when attempting to retrieve the Platform DH PDH certificate. If a firmware command fails due to an invalid length, the driver may attempt to copy data to...
CVE-2026-31697
A flaw was found in the Linux kernel's crypto: ccp driver. A local user could exploit this vulnerability by attempting to retrieve the CPU ID when a firmware command fails due to an invalid length. This can cause an overflow of a kernel-allocated buffer, leading to the disclosure of sensitive...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-006570)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006570 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIGCRYPTODEVCCPDEBUGFS is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993105)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993105 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioc...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-399525)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-399525 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in sevplatformshutdownlocked The SEV platform device c...
EUVD-2022-55484
Malicious code in bioql PyPI...
PT-2025-36410
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue where an uninitialized error pointer is dereferenced within the crypto/ccp module. This issue was identified and addressed by fixing smatch warnings ...
UBUNTU-CVE-2025-38581
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIGCRYPTODEVCCPDEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2'...
CVE-2022-50226
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...
CVE-2022-50226 crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...
PT-2025-26152 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A kernel memory leak issue has been identified in the Linux kernel's crypto subsystem, specifically in the ccp driver. The problem occurs when input passed to certain sev ioctl...
SUSE CVE-2024-43874
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in sevsnpshutdownlocked Fix a null pointer dereference induced by DEBUGTESTDRIVERREMOVE. Return from sevsnpshutdownlocked if the pspdevice or the sevdevice structs are not initialized...
kernel: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...
[SECURITY] [DLA 2941-1] linux-4.19 security update
Debian LTS Advisory DLA-2941-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings March 09, 2022 https://wiki.debian.org/LTS Package : linux-4.19 Version : 4.19.232-1deb9u1 CVE ID : CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744 CVE-2021-3752 CVE-2021-3760...
USN-5164-1: Linux kernel vulnerabilities
It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-37159 It was discovered that th...
USN-5161-1: Linux kernel vulnerabilities
Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the AMD...
USN-5140-1: Linux kernel (OEM 5.14) vulnerabilities
It was discovered that the AMD Cryptographic Coprocessor CCP driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3744, CVE-2021-3764 It was discovered that an integer...