MiracleLinux 9 : opensc-0.23.0-3.el9_3 (AXSA:2024-7337:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7337:01 advisory. OpenSC: Potential PIN bypass when card tracks its own login state CVE-2023-40660 OpenSC: multiple memory issues with pkcs15-init enrollment tool...

Security update for libva

This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: CVE-2023-39929: uncontrolled search path may allow an authenticated user to escalate privilege via local access bsc1224413, jscPED-11066 This includes latest version of one of the...

CVE-2023-53037 scsi: mpi3mr: Bad drive in topology results kernel crash

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands, the driver frees up the memory allocated for an interna...

CVE-2023-53003

In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llccdrivdata as edacdevicectlinfo's pvtinfo The memory for llccdrivdata is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the...

Linux Distros Unpatched Vulnerability : CVE-2021-47049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drivers: hv: vmbus: Use after free in vmbusopen The openinfo variable is added to the &vmbusconnection.chnmsglist, but the error handling frees openinfo without...

Buffer overflow

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIRMACAUTHCHALLENGELENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the drive...