16 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: vdpa: Added the featuresattr attribute to vdpanlpolicy for checking the nlattr length. The vdpanlpolicy structure is used to validate the nlattr when parsing incoming nlmsg. It ensures that the described attribute produces a vali...
Linux Distros Unpatched Vulnerability : CVE-2023-3773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges t...
Photon OS 5.0: Linux PHSA-2023-5.0-0101
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0101. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2023-3773 affecting package hyperv-daemons for versions less than 5.15.158.1-1
CVE-2023-3773 affecting package hyperv-daemons for versions less than 5.15.158.1-1. An upgraded version of the package is available that resolves this issue...
Ubuntu: Security Advisory (USN-6549-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-6534-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-6549-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6534-1: Linux kernel vulnerabilities
It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
[SECURITY] [DSA 5492-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5492-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 09, 2023 https://www.debian.org/security/faq -...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-330)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-330 advisory. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 The fix for XSA-423 added logic to Linux'es netback...
CVE-2023-3773
A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to cause a 4 byte out-of-bounds read of XFRMAMTIMERTHRESH when parsing netlink attributes, leading to potential leakage of sensitive heap...
AZL-33496 CVE-2023-3773 affecting package hyperv-daemons for versions less than 5.15.158.1-1
A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to cause a 4 byte out-of-bounds read of XFRMAMTIMERTHRESH when parsing netlink attributes, leading to potential leakage of sensitive heap...
BELL-CVE-2023-3773 CVE-2023-3773 does not affect BellSoft software
Bulletin has no description...
CVE-2023-3773 Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr
A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to cause a 4 byte out-of-bounds read of XFRMAMTIMERTHRESH when parsing netlink attributes, leading to potential leakage of sensitive heap...
CVE-2023-3773
The CVE-2023-3773 entry describes a flaw in the Linux kernel’s XFRM (IP framework) where parsing netlink attributes can trigger a 4-byte out-of-bounds read of XFRMA_MTIMER_THRESH. This could allow a malicious user with CAP_NET_ADMIN to leak sensitive heap data to userspace. The provided descripti...