861 matches found
CVE-2021-28972
In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because...
DEBIAN-CVE-2021-28972
In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because...
CVE-2021-28972
In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because...
Buffer overflow
In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because...
CVE-2021-28972
In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because...
UBUNTU-CVE-2021-28972
In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because...
CVE-2021-28972
CVE-2021-28972 affects the Linux kernel RPA PCI Hotplug driver (drivers/pci/hotplug/rpadlpar_sysfs.c) up to version 5.11.8. It is a user‑tolerable buffer overflow caused by improper handling of drc_name termination in add_slot_store/remove_slot_store, allowing userspace to write into the kernel s...
CVE-2021-28972
In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because...
CVE-2021-28972
In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because...
PT-2021-2511 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.8 Description: The issue is related to a user-tolerable buffer overflow in the RPA PCI Hotplug driver when writing a new device name to the driver from userspace, allowing userspace to write data to the kern...
Unbreakable Enterprise kernel security update
5.4.17-2036.104.4.el8uek - KVM: arm64: guest context in x18 instead of x29 Mihai Carabas Orabug: 32545182 5.4.17-2036.104.3.el8uek - config: enable CONFIGMLX5MPFS Brian Maly Orabug: 32249042 - net: Fix bridge enslavement failure Ido Schimmel Orabug: 32503298 - inet: do not call sublistrcv on empt...
DEBIAN-CVE-2021-28039
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has...
CVE-2021-28039
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has...
PT-2021-4229 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.9.x through 5.11.3 Description: The issue relates to misuse of guest physical addresses when a configuration has CONFIG XEN UNPOPULATED ALLOC but not CONFIG XEN BALLOON MEMORY HOTPLUG, allowing an x86 PV guest OS user ...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: locking issue in drivers/tty/ttyjobctrl.c can lead to an use-after-free CVE-2020-29661 kernel: performance counters race condition use-after-free CVE-2020-14351 kernel: ICMP rate limiting...
SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:3039-1)
This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. qemu: Adjust max memlock on mdev hotplug bsc1177480. Xen: Don't add dom0 twice...
SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2020:3037-1)
This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. qemu: Adjust max memlock on mdev hotplug bsc1177480. Xen: Don't add dom0 twice...
Unbreakable Enterprise kernel security update
5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...
kernel: race condition caused by a malicious USB device in the USB character device driver layer
A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation...