6633 matches found
CVE-2023-32389
CVE-2023-32389 is an Apple kernel memory disclosure vulnerability affecting multiple Apple platforms (iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4). The issue is described as an information disclosure that could allow an app to disclose kernel memory. The CVE entry lists a...
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAPNETADMIN capability could use this...
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAPNETADMIN capability could use this...
USN-6174-1 linux-oem-5.17 vulnerabilities
Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0459 It was discovered that the Huma...
Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12413)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12413 advisory. - netfilter: nftables: deactivate anonymous set from preparation phase Pablo Neira Ayuso Orabug: 35382084 CVE-2023-32233 - KVM: nVMX: add missing...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12394)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12394 advisory. - An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x8664 lacks consistency checks for CR0 and CR4...
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-6149-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6149-1 advisory. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests,...
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAPNETADMIN capability could use this...
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capconnect and l2capleconnectreq functions. An attacker with physical access within the range of standard Bluetooth transmission could...
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAPNETADMIN capability could use this...
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capconnect and l2capleconnectreq functions. An attacker with physical access within the range of standard Bluetooth transmission could...
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAPNETADMIN capability could use this...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from memory corruption due to improper access control in the kernel when handling mapping requests from the root process...
Important: kernel
Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...
Debian dla-3446 : linux-config-5.10 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3446 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3446-1 [email protected]...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2023-046)
The version of kernel installed on the remote host is prior to 5.4.242-156.349. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2023-046 advisory. In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be...
AlmaLinux 8 : kernel-rt (ALSA-2023:3350)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3350 advisory. - In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write...
AlmaLinux 8 : kernel (ALSA-2023:3349)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3349 advisory. - In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write...
USN-6133-1 linux-intel-iotg vulnerabilities
It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...
Information disclosure
Windows Kernel Memory Information Disclosure Vulnerability...