6634 matches found
Spoofing
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix pte update for kernel memory on radix When adding a PTE a ptesync is needed to order the update of the PTE with subsequent accesses otherwise a spurious fault may be raised. radixsetpteat does not do this for...
UBUNTU-CVE-2021-47034
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix pte update for kernel memory on radix When adding a PTE a ptesync is needed to order the update of the PTE with subsequent accesses otherwise a spurious fault may be raised. radixsetpteat does not do this for...
CVE-2021-47034 powerpc/64s: Fix pte update for kernel memory on radix
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix pte update for kernel memory on radix When adding a PTE a ptesync is needed to order the update of the PTE with subsequent accesses otherwise a spurious fault may be raised. radixsetpteat does not do this for...
CVE-2021-47034
CVE-2021-47034 affects the Linux kernel on powerpc/64s with radix paging. Root cause: radix__set_pte_at() omits a ptesync when updating a PTE, risking out-of-order updates for kernel memory and spurious faults during patching. The fix adds a ptesync path in flush_cache_vmap() (to be invoked when ...
DEBIAN-CVE-2021-46930
In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix listhead check warning This is caused by uninitialization of listhead. BUG: KASAN: use-after-free in listdelentryvalid+0x34/0xe4 Call trace: dumpbacktrace+0x0/0x298 showstack+0x24/0x34 dumpstack+0x130/0x1a8...
RHEL 7 : kernel (RHSA-2024:0980)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0980 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2capconnect...
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capconnect and l2capleconnectreq functions. An attacker with physical access within the range of standard Bluetooth transmission could...
Siemens SIMATIC CP products Improper Access Control (CVE-2023-37194)
A vulnerability has been identified in SIMATIC CP 1604 All versions, SIMATIC CP 1616 All versions, SIMATIC CP 1623 All versions, SIMATIC CP 1626 All versions, SIMATIC CP 1628 All versions. The kernel memory of affected devices is exposed to user-mode via direct memory access DMA which could allow...
kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2022-23085
A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...
CVE-2022-23088
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode i.e., not associated with a SSID a malicious beacon frame may overwrite kernel memory, leading to remote code...
CVE-2022-23088
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode i.e., not associated with a SSID a malicious beacon frame may overwrite kernel memory, leading to remote code...
CVE-2022-23085
A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...
CVE-2022-23084
The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...
Design/Logic Flaw
A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...
Heap overflow
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode i.e., not associated with a SSID a malicious beacon frame may overwrite kernel memory, leading to remote code...
Memory corruption
The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...
CVE-2022-23085 Potential jail escape vulnerabilities in netmap
A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...
CVE-2022-23085
CVE-2022-23085 arises from an insufficient bounds check: a user-provided integer option passed to netmap’s nmreq_copyin() could overflow, risking kernel memory corruption. Documents in the FreeBSD Netmap advisory SA-22:04 and related CVE records confirm the flaw in the netmap component, enabling ...
CVE-2022-23084 Potential jail escape vulnerabilities in netmap
The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...