1576 matches found
CVE-2022-21499
A flaw was found in the kernel/debug/debugcore.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously. Mitigation Mitigation for this issue is either not available or the currently available options don...
CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
DEBIAN-CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
Design/Logic Flaw
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
CVE-2022-21499
CVE-2022-21499: KGDB/KDB can read/write kernel memory if lockdown is triggered; attacker with serial-port access could trigger debugger. Connected advisories reiter the risk and note the need to ensure lockdown mode is respected, but do not specify a patched version or remediation beyond that. Th...
CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5465-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5465-1 advisory. It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged...
Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5470-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5470-1 advisory. It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker cou...
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5471-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5471-1 advisory. It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged...
LSN-0086-1: Kernel Live Patch Security Notice
It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code.CVE-2021-39713 Yiqi Sun and Kevin Wang...
GtkRadiant 1.6.6 Buffer Overflow
===== Intro ===== GtkRadiant is a cross-platform level editor software for idtech game engines such as Quake. It comes with data authoring tools and a BSP map compiler called q3map2 which parses MAP files. The code has been around for a long time and uses unsafe string copy and format functions. ...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this...
Linux kernel 缓冲区错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a buffer error vulnerability. An attacker exploits this vulnerability to bypass Linux kernel restrictions via a debugger in order to elevate his...
UBUNTU-CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9425)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9425 advisory. - iouring: always use original task when preparing req identity Jens Axboe Orabug: 34186552 CVE-2022-1786 Tenable has extracted the preceding...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9426)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9426 advisory. - iouring: always use original task when preparing req identity Jens Axboe Orabug: 34186552 CVE-2022-1786 Tenable has extracted the preceding...