kernel: ath11k: Fix frames flush failure caused by deadlock

In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: 25393.301506 ath11kpci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: 25398.421509 ath11kpci 0000:01:00.0: failed to flush mgm...

PT-2022-6688 · Netbotz 4 · Netbotz 4

Name of the Vulnerable Software and Affected Versions: NetBotz 4 versions 4.7.0 and prior Description: A vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. This issue is related to improper...

Denial of Service (DoS)

Overview apple/swift-nio-http2 is a HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Denial of Service DoS. This can be caused by a network peer sending ALTSVC or ORIGIN frames, due to a logical error after frame parsing but before frame handling. Details Denial of...

Denial of Service (DoS)

Overview apple/swift-nio-http2 is a HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Denial of Service DoS. This can be caused by a network peer sending a specially crafted HTTP/2 frame, due to a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSHPROMISE fra...

SUSE SLED15: cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc (SUSE-SU-2022:3844-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3844-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: -...

Ubuntu 20.04 LTS / 22.04 LTS : backport-iwlwifi-dkms vulnerabilities (USN-5708-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5708-1 advisory. Snke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer...

CVE-2022-2741

The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node this can easily be guessed based on CAN traffic analyses. The frame must contain th...

The vulnerability of the Frames component in Google Chrome browsers allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Frames component in Google Chrome browsers relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information through a specially crafted HTML page...

SUSE: Security Advisory (SUSE-SU-2022:3704-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2022-2017 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary da...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5691-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5691-1 advisory. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a...

CVE-2022-25748

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...

Buffer overflow

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

Integer overflow

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...

CVE-2022-25749

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2022-25748

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...

SUSE SLES15: kernel-livepatch-5_14_21-150400_22-default / etc (SUSE-SU-2022:3628-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3628-1 advisory. This update for the Linux Kernel 5.14.21-15040022 fixes several issues. The following security issues were fixed: - CVE-2022-41674: Fixed buffe...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5692-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5692-1 advisory. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a...

In the Linux kernel 5.8 through 5.19.x before 5.19.16 local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

...

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and in turn potentially execute code.

...