170 matches found
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0043)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum...
CVE-2020-25741
A NULL pointer dereference flaw was found in the Floppy disk emulator of QEMU. This issue occurs while transferring data via the fdctrlreaddata and fdctrlwritedata routines if the current drive has a null block pointer. This flaw allows a guest user to crash the QEMU process on the host, resultin...
kernel: integer overflow and OOB read in drivers/block/floppy.c
A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call setgeometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw ma...
CVE-2019-14284
A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy disk device file /dev/fd0 through to /dev/fdN can create a situation that causes the kernel to divide by zero. This requires two consecutive ioctl calls to be issued. The...
CVE-2019-14283
A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call setgeometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw ma...
UBUNTU-CVE-2020-9383
An issue was discovered in the Linux kernel 3.16 through 5.5.6. setfdc in drivers/block/floppy.c leads to a waittilready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4810)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4810 advisory. - tcp: purge write queue in tcpconnectinit Eric Dumazet Orabug: 30240134 CVE-2019-15239 - cx24116: fix a buffer overflow when checking userspace...
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The xfsbmapextentstobtree function in fs/xfs/libxfs/xfsbmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)
The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-1125: Enable Spectre v1 swapgs mitigations bsc1139358. CVE-2018-20855: An issue was discovered in createqpcommon in drivers/infiniband/hw/mlx5/qp.c,...
Debian DLA-1885-1 : linux-4.9 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-1924)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-1125: Fix Spectre V1 variant memory disclosure by speculation over the SWAPGS instruction bsc1139358. - CVE-2019-10207: A NULL pointer dereference was possible i...
Security update for the Linux Kernel (important)
openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2019:1923-1 Rating: important References: 1051510 1055117 1071995 1083647 1083710 1085030 1086103 1102247 1103991 1103992 1104745 1106061 1109837 1111666 1112374 1114279 1119222 1123959 1127034 1127315...
Debian DLA-1884-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...
Debian DSA-4495-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2018-20836 chenxiang reported a race condition in libsas, the kernel subsystem supporting Serial Attached SCSI SAS devices, which could lead to a...
CVE-2019-14284
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setupformatparams division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make FSECTPERTRACK be zero. Next, the floppy format...
CVE-2019-14283
In the Linux kernel before 5.2.3, setgeometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy...
Integer overflow
In the Linux kernel before 5.2.3, setgeometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy...
CVE-2019-14283
In the Linux kernel before 5.2.3, setgeometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy...
CVE-2019-14283
In the Linux kernel before 5.2.3, setgeometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy...
CVE-2019-14283
In the Linux kernel before 5.2.3, setgeometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy...