CVE-2026-46064

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...

CVE-2026-46064

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...

CVE-2026-46064

ibmasm: fix heap over-read in ibmasmsendi2omessage...

Linux Distros Unpatched Vulnerability : CVE-2026-46064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this...

Linux Distros Unpatched Vulnerability : CVE-2023-2007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3599-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3971-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3971-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3971-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. Th...

SUSE SLES15 Security Update : kernel (SUSE-SU-2023:3600-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3600-2 advisory. The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3683-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3683-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. Th...

CVE-2023-2007

A time-of-check time-of-use TOCTOU information disclosure vulnerability was found in the Linux Kernel DPT I2O controller. This issue results from the lack of proper locking when performing operations on an object, allowing a privileged local user to escalate privileges and execute arbitrary code ...

OESA-2023-1277 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to...

CVE-2023-2007

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the...

AZL-26377 CVE-2023-2007 affecting package kernel for versions less than 5.15.126.1-1

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the...

CVE-2023-2007

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the...

Design/Logic Flaw

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the...

CVE-2023-2007

CVE-2023-2007 affects the DPT I2O Controller driver in the Linux kernel. The issue arises from missing locking during object operations, enabling a local attacker to escalate privileges and execute arbitrary code in kernel context. Public references in Unity Linux (UTSA-2026-004778) and multiple ...

SUSE CVE-2023-2007

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the...

Linux Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DPT I2O...

Microsoft Windows智能输入/输出（I2O）本地权限提升漏洞

BUGTRAQ ID: 29171 CVECAN ID: CVE-2008-0322 Windows是微软发布的非常流行的操作系统。 i2omgmt.sys是Windows所使用的智能输入/输出（I2O）工具过滤器驱动。Windows XP操作系统所捆绑的i2omgmt.sys驱动对\.\I2OExc设备接口设置了Everyone写权限，因此任何本地登录的用户都可以访问仅为特权用户设计的功能。此外，该设备接口的IOCTL处理器没有正确地验证用户态缓冲区输入，攻击者可以向用户态地址提供伪造的DeviceObject指针，导致覆盖任意内存，以内核权限执行任意指令。 Microsoft...