SUSE-SU-2019:0150-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In skclonelock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with...

Information Disclosure

Linux kernel-rt is vulnerable to information disclosure. A NULL pointer dereference in the sndctlelemusertlv function in sound/core/control.c allows a local privileged user to exploit the vulnerability to leak kernel memory to user space...

Apple macOS High Sierra AMD out-of-bounds read vulnerability (CNVD-2019-01540)

Apple macOS High Sierra is a suite of specialized operating systems developed for Mac computers by Apple, Inc. AMD is one of the AMD product components. An out-of-bounds read vulnerability exists in AMD in Apple macOS High Sierra version 10.13.4. A local attacker could exploit the vulnerability t...

Apple macOS High Sierra AMD Out-of-Bounds Read Vulnerability (CNVD-2019-01532)

Apple macOS High Sierra is a suite of specialized operating systems developed for Mac computers by Apple, Inc. AMD is one of the AMD product components. An out-of-bounds read vulnerability exists in AMD in Apple macOS High Sierra version 10.13.4. A local attacker could exploit the vulnerability t...

Amazon Linux AMI : kernel (ALAS-2019-1145)

The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c.CVE-2018-20169 A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition betwe...

CVE-2016-7576

In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling...

CVE-2016-7576

In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling...

Virtuozzo 7 : readykernel-patch (VZA-2018-088)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - Transforming an IPv6 socket to an IPv4 and then transforming it back to a listening socket could result in a kernel...

The vulnerability of the Windows operating system’s kernel allows a hacker to execute arbitrary code with elevated privileges.

The vulnerability of the Windows operating system’s kernel arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a local attacker to execute arbitrary code with elevated privileges through a specially created application...

Multiple Qualcomm Product Input Validation Vulnerabilities (CNVD-2019-01714)

Qualcomm IPQ8074 and others are central processing unit CPU products from Qualcomm Incorporated for various platforms.Content Protection is one of the content protection components. An input validation vulnerability in Content Protection in multiple Qualcomm products can be exploited by a remote...

Medium: kernel

Issue Overview: The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c.CVE-2018-20169 A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race...

Medium: kernel

Issue Overview: The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c.CVE-2018-20169 A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2223-1)

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-5390 aka SegmentSmack: A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during I...

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the Intel...

Ubuntu: Security Advisory (USN-3849-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3848-1: Linux kernel vulnerabilities

It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-18174 It was discovered that an integer overrun vulnerability existed in the POSIX timers...

USN-3847-3: Linux kernel (Azure) vulnerabilities

USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leadi...

USN-3847-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities

It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-10902 It was discovered that an integer overr...

USN-3846-1: Linux kernel vulnerability

It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information kernel memory...

Vulnerability Spotlight : Multiple Vulnerabilities in WIBU-SYSTEMS WibuKey.sys

These vulnerabilities were discovered by Marcin 'Icewall' Noga of Cisco Talos. Executive Summary WibuKey is a Digital Rights Management DRM solution that has been used in a large number of solutions such as Straton, Archicad, GRAPHISOFT, V-Ray and others. It has been leveraged by over 3,000...