296 matches found
CVE-2022-25334
CVE-2022-25334 relates to the Texas Instruments OMAP L138 (secure variants) TEE. The mask ROM SK_LOAD routine has no bounds check on the signature size, so a module with a large signature can overflow the stack and enable arbitrary code execution in the secure supervisor context by overwriting a ...
AZL-27970 CVE-2023-4394 affecting package kernel for versions less than 5.15.131.1-2
A use-after-free flaw was found in btrfsgetdevargsfrompath in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information...
UBUNTU-CVE-2023-4394
A use-after-free flaw was found in btrfsgetdevargsfrompath in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information...
UBUNTU-CVE-2023-33951
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...
UBUNTU-CVE-2023-3567
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates from a mix-up in the instruction vcsread responsible for freeing memory. An attacker could...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates from a confusion in the instruction nfcllcpfindlocal responsible for freeing memory in NFC's...
SUSE CVE-2023-3567
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
[Important] [Security] Virtuozzo ReadyKernel Patch 157.3 for Virtuozzo Hybrid Server 7.5
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. Vulnerability id: PSBM-147036 3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4 Partial fix to prevent memory leak for some cases in the...
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
...
SUSE CVE-2023-3397
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information...
CVE-2023-0459
A vulnerability was found in copyfromuser in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "accessok" sanity check and pass a kernel pointer to copyfromuser, resulting in kernel data leaking. Mitigation Mitigation for this issue is either not available or th...
Linux kernel 缓冲区错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer overflow vulnerability that originates from an out-of-bounds memory access in relayfilereadstartpos. A local attacker could exploit this...
kernel: tcp: Fix a data-race around sysctl_tcp_probe_threshold.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpprobethreshold. While reading sysctltcpprobethreshold, it can be changed concurrently. Thus, we need to add READONCE to its reader...
kernel: sysctl: Fix data-races in proc_dou8vec_minmax().
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in procdou8vecminmax. A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that can be exploited by a local user to disclose sensitive information from the kernel if the CPU does not implement SMAP or has SMAP disabled...
AZL-26142 CVE-2023-1855 affecting package hyperv-daemons for versions less than 5.15.107.1-1
A use-after-free flaw was found in xgenehwmonremove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver xgene-hwmon. This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem...
Xen 资源管理错误漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen suffers from a security vulnerability th...
kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution...
SUSE CVE-2007-6417
The shmemgetpage function mm/shmem.c in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service crash...