USN-5518-1 linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities

It was discovered that the eBPF implementation in the Linux kernel did not properly prevent writes to kernel objects in BPFBTFLOAD commands. A privileged local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-0500 It was discovered tha...

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

...

kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c

An out-of-bounds OOB memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability i...

MGASA-2018-0417 Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.78 and fixes at least the following security issues: An issue was discovered in the fdlockedioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the...

Code injection

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function showfloppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel...