8 matches found
Siemens SCALANCE and RUGGEDCOM Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-39499)
vmci: speculation leaks by sanitizing event in eventdeliver. eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization, leading to information leaks. This plugin only works with Tenable.ot. Please visit...
Linux Distros Unpatched Vulnerability : CVE-2024-39499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is pass...
RHEL 9 : kernel (RHSA-2024:11313)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:11313 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: hwmon: w83793 Fix NULL pointe...
Unbreakable Enterprise kernel security update
4.1.12-124.92.3 - memcgwriteeventcontrol: fix a user-triggerable oops Al Viro Orabug: 37070674 CVE-2024-45021 - ocfs2: fix races between hole punching and AIO+DIO Su Yue Orabug: 36835819 CVE-2024-40943 4.1.12-124.92.2 - fbdev: savage: Handle err return when savagefbcheckvar failed Cai Xinchen...
CVE-2024-39499
A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks. Mitigation Mitigation for this issue is either no...
CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
CVE-2024-39499
CVE-2024-39499 (Linux kernel, vmci): The vulnerability allows speculative leaks via event_deliver() because user-controlled event_msg->event_data.event was used as an index without sanitization. The fix sanitizes the index to mitigate speculative information leaks. The issue is exploitable loc...