CVE-2022-50222 tty: vt: initialize unicode screen buffer

In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcsread 1, for buffer can be read immediately after resize operation. Initialize buffer using kzalloc. ---------- include include include include int...

CVE-2023-53035

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfsioctlwrapcopy The ioctl helper function nilfsioctlwrapcopy, which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl...

CVE-2022-49788

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

CVE-2022-49865 ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network

In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, ifalreserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50110)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50110 advisory. - In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in al...

CVE-2022-48855 sctp: fix kernel-infoleak for SCTP sockets

In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...

Unbreakable Enterprise kernel security update

4.1.12-124.67.3 - media: imon: Fix null-ptr-deref in imonprobe Arvind Yadav Orabug: 31225377 CVE-2017-16537 - fbcon: remove soft scrollback code Linus Torvalds Orabug: 31914703 CVE-2020-14390 - inet: use bigger hash table for IP ID generation Eric Dumazet Orabug: 33778986 CVE-2021-45486 - ipv4:...

Unbreakable Enterprise kernel security update

kernel-uek 4.1.12-61.1.27 - vfio/pci: Fix integer overflows, bitmask check Vlad Tsyrklevich Orabug: 25164094 CVE-2016-9083 CVE-2016-9084 - Don't feed anything but regular iovec's to blkrqmapuseriov Linus Torvalds Orabug: 25231931 CVE-2016-9576 - kvm: x86: Check memopp before dereference...