995 matches found
SUSE CVE-2016-9756
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
PT-2023-35090 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7 Description: A bug was fixed in the Linux Kernel that occurs when unloading amdgpu. The actual impact and attack plausibility of this issue have not yet been proven. Recommendations: For Linux Kernel...
io_uring Same Type Object Reuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...
GSD-2023-1000895 ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
ext4: fix kernel BUG in 'ext4writeinlinedataend' This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...
PT-2023-33559 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: The issue is related to a use-after-free UAF bug in the run timer softirq function. The actual impact and attack plausibility have not yet been proven. It was introduced in version v3.2 and...
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
...
kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reservesfasize function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write...
PT-2025-49618
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-next-20221007-dirty 349 Description A flaw exists in the Linux kernel related to the handling of boot loader inodes. Specifically, a bug in the es tree search function within the ext4 filesystem can occur...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
kernel: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rxcpurmap The CI testing bots triggered the following splat: 718.203054 BUG: KASAN: use-after-free in freeirqcpurmap+0x53/0x80 718.206349 Read of size 4 at addr ffff8881bd127e00 by task...
kernel: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe function. But, the rt711-component doesn't be assigned yet. If IO error happened during initial...
kernel: RDMA/irdma: Fix sleep from invalid context BUG
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG Taking the qosmutex to process RoCEv2 QP's on netdev events causes a kernel splat. Fix this by removing the handling for RoCEv2 in irdmacmteardownconnections that uses the mutex. Thi...
kernel: hv_netvsc: NULL pointer dereference in netvsc_get_ethtool_stats()
An issue was discovered in the Linux kernel through 5.16-rc6. netvscgetethtoolstats in drivers/net/hyperv/netvscdrv.c lacks check of the return value of kvmallocarray and will cause the null pointer dereference...
PT-2025-26113 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically an issue with the ath11k driver where a racing open could trigger a BUG ON in mod timer when ath11k mac op start is...
CVE-2022-42721
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to corrupt a linked list and, in turn, potentially execute code...
ASB-A-238177383
In ioidentitycow of iouring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
RLSA-2022:5819 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: a use-after-free write in the netfilter subsystem can lead to...
kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c
A flaw was found in the sctpmakestrresetreq function in net/sctp/smmakechunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUGON issue, leading to a denial of service DOS...
ASB-A-220741611
In multiple functions of ioviter.c, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege in system libraries with no additional execution privileges needed. User interaction is not needed for exploitation...