8 matches found
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6767-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-1 advisory. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of- bounds read vulnerability. An attacker...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2024-053 (ALASKERNEL-5.10-2024-053)
The version of kernel installed on the remote host is prior to 5.10.210-201.852. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-053 advisory. dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-051)
The version of kernel installed on the remote host is prior to 5.10.210-201.852. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-051 advisory. dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets...
Important: kernel
Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 A flaw was found in the smb client in the Linux kernel. A...
CVE-2023-52435
A flaw was found in the Linux kernel’s net/core/skbuff.c subsystem. The GSOBYFRAGS is a forbidden value and allows the following computation in skbsegment to reach it. The : mss = mss partialsegs and many initial mss values can lead to a bad final result. Limit the segmentation so that the new ms...
CVE-2023-52435
In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the following computation in skbsegment can reach it quite easily : mss = ms...
CVE-2023-52435 net: prevent mss overflow in skb_segment()
In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the following computation in skbsegment can reach it quite easily : mss = ms...
CVE-2023-52435
CVE-2023-52435 affects the Linux kernel’s net/ skb_segment() and can overflow MSS when computing mss = mss * partial_segs, risking a crash (e.g., GSO_BY_FRAGS) and triggering NULL pointer dereferences in some traces. The fix adds a guard to ensure the new MSS is smaller than GSO_BY_FRAGS, prevent...