EUVD-2023-59746

Malicious code in bioql PyPI...

EUVD-2023-59745

Malicious code in bioql PyPI...

CVE-2023-53464

CVE-2023-53464 affects the Linux kernel: the iscsi_tcp path in SCSI may assign values to tcp_sw_conn->sendpage and conn->datadgst_en before validating sock, risking inconsistency due to a null/invalid sock. The fix relocates the assignment so the sock is validated prior to use, as described...

CVE-2023-53464 scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...

CVE-2023-52974

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress If during iscsiswtcpsessioncreate iscsitcpr2tpoolalloc fails, userspace could be accessing the host's ipaddress attr. If we then free the session via...

CVE-2023-52974

CVE-2023-52974: Linux kernel scsi: iscsi_tcp fix UAF during login when accessing the shost ipaddress. If iscsi_sw_tcp_session_create() fails and userspace reads the host ipaddress during session teardown, a use-after-free occurs. The fix delays freeing by setting tcp_sw_host->session only afte...

CVE-2023-52974 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress If during iscsiswtcpsessioncreate iscsitcpr2tpoolalloc fails, userspace could be accessing the host's ipaddress attr. If we then free the session via...

CVE-2023-52974

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress If during iscsiswtcpsessioncreate iscsitcpr2tpoolalloc fails, userspace could be accessing the host's ipaddress attr. If we then free the session via...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel, which stems from the possibility of post-release reuse of the scsi iscsitcp component when accessing the host...

CVE-2023-2162

A use-after-free vulnerability was found in iscsiswtcpsessioncreate in drivers/scsi/iscsitcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information...

CVE-2023-2162

Astra Linux security bulletin mirrors CVE-2023-2162, documenting a use-after-free in Linux kernel (iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c) that could allow a local attacker to leak kernel internal information. The Astra Linux entry identifies the affected kernel subcomponent (SCS...

GSD-2023-1002033 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...

GSD-2023-1001872 scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress

scsi: iscsitcp: Fix UAF during logout when accessing the shost ipaddress This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...

GSD-2023-1001871 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...

GSD-2022-1007058 scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()

scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling getpeername This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...

Unbreakable Enterprise kernel security update

4.1.12-124.14.2 - scsi: iscsitcp: set BDICAPSTABLEWRITES when data digest enabled Jianchao Wang Orabug: 27726302 - block: fix biowillgap for first bvec with offset Ming Lei Orabug: 27775588 - block: relax check on sg gap Ming Lei Orabug: 27775588 - block: don't optimize for non-cloned bio in...

kernel security and bug fix update

2.6.32-131.21.1.el6 - net ipv6/udp: fix the wrong headroom check Thomas Graf 753167 698170 2.6.32-131.20.1.el6 - net vlan: fix panic when handling priority tagged frames Andy Gospodarek 742849 714936 CVE-2011-3593 - netdrv igb: fix WOL on second port of i350 device Frantisek Hrbata 743807 718293 ...