UBUNTU-CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9423)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9423 advisory. 4.14.35-2047.513.2.2 - debug: Lock down kgdb Stephen Brennan Orabug: 34152700 CVE-2022-21499 Tenable has extracted the preceding description block directly from...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9427)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9427 advisory. 4.14.35-2047.513.2.2.el7 - debug: Lock down kgdb Stephen Brennan Orabug: 34152700 CVE-2022-21499 Tenable has extracted the preceding description block directly...

PT-2022-6784

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a possible kernel memory corruption due to improper locking in multiple functions of io uring.c. This could lead to local escalation of privilege in the kernel wi...

Apple TV 缓冲区错误漏洞

Apple TV 4K and Apple TV HD are both products of Apple Inc.Apple TV 4K is a smart set-top box. The Apple TV 4K is a smart set-top box used to launch 4K Hdr images.Apple TV HD is a high-definition television set-top box product.... A buffer error vulnerability exists in Apple TV 4K, Apple TV 4K 2n...

Ubuntu: Security Advisory (USN-5415-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local unprivileged user to gain access to kernel memory leading to a system crash or a leak of internal kernel information.

...

USN-5415-1 linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service system crash. CVE-2020-27820 Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor...

OESA-2022-1631 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the systemCVE-2022-1205 A flaw was...

Design/Logic Flaw

In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...

kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free

An out-of-bounds OOB memory access flaw was found in net/core/filter.c in bpfskbmaxlen in the Linux kernel. A missing sanity check to the current MTU check may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal...

Amazon Linux 2 : kernel (ALAS-2022-1793)

The version of kernel installed on the remote host is prior to 4.14.276-211.499. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1793 advisory. 2024-02-01: CVE-2022-41858 was added to this advisory. A use-after-free flaw was found in the Linux kernel's FUSE...

PT-2022-7667 · Realtek · Realtek Rtsuer Driver For Usb Card Reader +1

Name of the Vulnerable Software and Affected Versions: Realtek RtsPer driver for PCIe Card Reader versions prior to 10.0.22000.21355 Realtek RtsUer driver for USB Card Reader versions prior to 10.0.22000.31274 Description: The issue is related to a buffer overflow in memory, allowing an attacker ...

PT-2022-7668 · Realtek · Realtek Rtsuer Driver For Usb Card Reader +1

Name of the Vulnerable Software and Affected Versions: Realtek RtsPer driver for PCIe Card Reader versions prior to 10.0.22000.21355 Realtek RtsUer driver for USB Card Reader versions prior to 10.0.22000.31274 Description: The issue is related to memory release errors in the Realtek SD card reade...

Medium: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. CVE-2022-1011 A vulnerability was found in the...

CVE-2021-22556

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...

CVE-2021-22556

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...

Integer overflow

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...

CVE-2021-22556

CVE-2021-22556 affects the Fuchsia kernel. A integer overflow flaw lets a user with code execution issue memory cache invalidation on pages they don’t own, enabling control of kernel memory from userspace. Remediation per sources: upgrade to kernel version 4.1 or beyond. Other connected sources c...

Fuchsia 输入验证错误漏洞

Fuchsia is an open source general purpose operating system. Fuchsia has a security vulnerability that stems from the presence of an integer overflow vulnerability. An attacker could issue a memory cache invalidation operation on a page they do not own, allowing them to control kernel memory from...