7 matches found
MiracleLinux 9 : kernel-5.14.0-570.12.1.el9_6 (AXSA:2025-10392:38)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10392:38 advisory. kernel: drm: nv04: Fix out of bounds access CVE-2024-27008 kernel: Bluetooth: Fix use-after-free bugs caused by scosocktimeout CVE-2024-27398 kerne...
Linux Distros Unpatched Vulnerability : CVE-2024-36880
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and...
USN-6950-4: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - Block layer subsystem; - Bluetooth drivers; - Clock framework and...
Ubuntu 20.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6950-4)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6950-4 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
USN-6957-1: Linux kernel (Oracle) vulnerabilities
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...
Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6957-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6957-1 advisory. Benedict Schlter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and...
CVE-2024-36880
CVE-2024-36880 details (from provided documents): In the Linux kernel, a Bluetooth subsystem issue in the qca firmware parsing was resolved by adding missing sanity checks for firmware files before download, to prevent memory access violations beyond the allocated vmalloc buffer. This vulnerabili...