105 matches found
SUSE CVE-2012-6538
The copytouserauth function in net/xfrm/xfrmuser.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAPNETADMIN capability...
SUSE CVE-2021-39648
In gadgetdevdescUDCshow of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2023-1223)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5728-2)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5728-2 advisory. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading t...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9998)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9998 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34610032 CVE-2022-3028 Tenable has extracted the preceding description block directly from...
Amazon Linux 2022 : bpftool, kernel, kernel-devel (ALAS2022-2022-150)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-150 advisory. A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest V...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9871)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9871 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566753 CVE-2022-3028 - lockdown: also lock down previous kgdb use Daniel Thompson...
Security update for the Linux Kernel (important)
openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2022:2177-1 Rating: important References: 1055117 1061840 1065729 1103269 1118212 1153274 1154353 1156395 1158266 1167773 1176447 1177282 1178134 1180100 1183405 1188885 1195826 1196426 1196478 1196570...
CVE-2022-3028
A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...
Race condition
A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...
CVE-2022-3028
A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...
CVE-2022-3028
CVE-2022-3028 describes a race condition in the Linux kernel’s IP framework (XFRM) where concurrent calls to xfrm_probe_algs can cause an out-of-bounds read that may be copied into a socket, or an out-of-bounds write, enabling a local attacker to leak kernel memory or crash the kernel. Connected ...
CVE-2022-3028
A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...
CVE-2022-3028
A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...
CVE-2022-3028
A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...
SUSE: Security Advisory (SUSE-SU-2022:2078-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1779)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attack...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5415-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5415-1 advisory. Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically...
CVE-2022-20008
In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20008
In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...