kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

CVE-2022-31603

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information...

CVE-2022-31602

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure...

CVE-2022-31602

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure...

Oracle Linux 8 : kernel (ELSA-2022-5316)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5316 advisory. - debug: lockdown kgdb Orabug: 34270802 CVE-2022-21499 - esp: limit skbpagefragrefill use to a single page Sabrina Dubroca 2062114 CVE-2022-27666 - esp...

Important: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915 For more details about the security issues, including th...

PT-2022-6186 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the use of memory after it has been freed, which can be exploited to execute arbitrary code. The vulnerability affects the area cache get function in the...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

kernel security and bug fix update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

RLSA-2022:5316 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915 For more details about the security issues, including th...

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

ALSA-2022:5344 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915...

RHEL 9 : kpatch-patch (RHSA-2022:5214)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5214 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

ALSA-2022:5267 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: race...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1868)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - arch/mips/net/bpfjit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs,...

NVIDIA DGX 输入验证错误漏洞

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. An input validation error vulnerability exists in NVIDIA DGX A100, which stems from incorrect validation of the SBIOS array index in IpSecDxe. An attacker could exploit this vulnerability to execute arbitrary...

RHEL 8 : kpatch-patch (RHSA-2022:4942)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4942 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...