Lucene search
K

188 matches found

OSV
OSV
added 2024/12/06 10:15 a.m.8 views

UBUNTU-CVE-2024-53142

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

7.8CVSS6.4AI score0.00245EPSS
Exploits0References41
Cvelist
Cvelist
added 2024/12/06 9:37 a.m.29 views

CVE-2024-53142 initramfs: avoid filename buffer overrun

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

0.00245EPSS
Exploits0References9
OSV
OSV
added 2024/12/06 9:37 a.m.15 views

CVE-2024-53142 initramfs: avoid filename buffer overrun

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...

7.8CVSS6.5AI score0.00245EPSS
Exploits0References14
CVE
CVE
added 2024/12/06 9:37 a.m.247 views

CVE-2024-53142

CVE-2024-53142: Linux kernel initramfs fix for filename buffer overrun. Root cause: during initramfs cpio extraction, the do_name() path passed a non-zero-terminated filename to kernel file operations, allowing trailing bytes from uninitialized memory to be incorporated into a created path. Impac...

7.8CVSS6.9AI score0.00245EPSS
Exploits0References11Affected Software1
Filippo.io
Filippo.io
added 2024/12/05 9:26 p.m.23 views

frood, an Alpine initramfs NAS

My NAS, frood, has a bit of a weird setup. It’s just one big initramfs containing a whole Alpine Linux system. It’s delightful and I am not sure why it’s not more common. As long as the bootloader can find the kernel and initramfs, the machine comes up cleanly. A/B deployments and rollbacks are...

7.4AI score
Exploits0
OSV
OSV
added 2024/08/20 8:29 p.m.11 views

GO-2023-1622 Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation

Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation...

7.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/08/13 12:7 p.m.206 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS7.1AI score0.02701EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.11 views

RHEL 7 : dracut (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - dracut: Brute force attack on LUKS password decryption via initramfs CVE-2016-4484 Note that Nessus has not tested...

6.8CVSS6.8AI score0.00709EPSS
Exploits5References1
OSV
OSV
added 2024/04/26 11:7 a.m.4 views

OESA-2024-1509 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...

7.5CVSS6.7AI score0.04561EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2023/10/24 12:0 a.m.44 views

linux-firmware security update

20230516-999.27.git6c9e0ed5.el9 - Update firmware for qat4xxx devices Orabug: 35811008 20230516-999.26.git6c9e0ed5.el9 - Run dracut -f in %posttrans instead of %post Orabug: 35661938 - Drop latest AMD microcode commits to family 19 file to include Milan microcode but not Genoa Orabug: 35708511...

1.7CVSS6.8AI score0.05794EPSS
Exploits1
Oracle linux
Oracle linux
added 2023/08/08 12:0 a.m.46 views

linux-firmware security update

20230516-999.25.git6c9e0ed5.el7 - Add missing amd-ucode/ files to nano rpm Orabug: 35642190 - Add posttrans scriptlet to reload microcode on AMD Orabug: 35636951 - Recreate initramfs for AMD systems Orabug: 35636951 20230516-999.24.git6c9e0ed5.el7 - 8a07fa49 linux-firmware: Update AMD fam19h cpu...

4.7CVSS6.7AI score0.0616EPSS
Exploits1
Oracle linux
Oracle linux
added 2023/08/08 12:0 a.m.44 views

linux-firmware security update

20230516-999.25.git6c9e0ed5.el7 - Add missing amd-ucode/ files to nano rpm Orabug: 35642190 - Add posttrans scriptlet to reload microcode on AMD Orabug: 35636951 - Recreate initramfs for AMD systems Orabug: 35636951 20230516-999.24.git6c9e0ed5.el7 - 8a07fa49 linux-firmware: Update AMD fam19h cpu...

4.7CVSS6.7AI score0.0616EPSS
Exploits1
Oracle linux
Oracle linux
added 2023/08/08 12:0 a.m.42 views

linux-firmware security update

20230516-999.25.git6c9e0ed5.el8 - Add missing amd-ucode/ files to nano and core rpm Orabug: 35642190 - Add posttrans scriptlet to reload microcode on AMD Orabug: 35636951 - Recreate initramfs for AMD systems Orabug: 35636951 20230516-999.24.git6c9e0ed5.el7 - 8a07fa49 linux-firmware: Update AMD...

4.7CVSS6.6AI score0.0616EPSS
Exploits1
OSV
OSV
added 2023/03/09 8:21 p.m.18 views

GHSA-6W5F-5WGR-QJG5 Constellation allows Emergency shell access during initramfs boot phase

Impact An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM. Patches The issue has been patched in v2.6.0. Workarounds none...

7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/03/09 8:21 p.m.14 views

Constellation allows Emergency shell access during initramfs boot phase

Impact An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM. Patches The issue has been patched in v2.6.0. Workarounds none...

5.5AI score
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.4 views

SUSE CVE-2012-4453

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information...

2.1CVSS6.6AI score0.00364EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.3 views

SUSE CVE-2016-8637

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryptio...

5CVSS7.2AI score0.00309EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.4 views

SUSE CVE-2019-13179

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /cryptokeyfile.bin mode 0600 owned by root to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption...

7.5CVSS7.5AI score0.02088EPSS
Exploits1References3
Rockylinux
Rockylinux
added 2023/01/12 8:25 a.m.21 views

dracut bug fix and enhancement update

An update is available for dracut. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dracut packages contain an event-driven initial RAM file system initramfs...

1.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/11/15 3:14 p.m.28 views

Moderate: Red Hat Security Advisory: ignition security, bug fix, and enhancement update

An update for ignition is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References7
Rows per page
Query Builder