The vulnerability of the `sys_perf_event_open()` function in the Linux operating system’s perf subsystem allows a local attacker to gain root privileges.

The vulnerability of the sysperfeventopen function in the Linux operating system’s perf subsystem stems from the race condition within this subsystem. This condition can be exploited to initiate access to a freed memory area in the kernel. Exploiting this vulnerability allows a local attacker to...

CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

UBUNTU-CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9423)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9423 advisory. 4.14.35-2047.513.2.2 - debug: Lock down kgdb Stephen Brennan Orabug: 34152700 CVE-2022-21499 Tenable has extracted the preceding description block directly from...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9427)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9427 advisory. 4.14.35-2047.513.2.2.el7 - debug: Lock down kgdb Stephen Brennan Orabug: 34152700 CVE-2022-21499 Tenable has extracted the preceding description block directly...

PT-2022-6784

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a possible kernel memory corruption due to improper locking in multiple functions of io uring.c. This could lead to local escalation of privilege in the kernel wi...

Apple TV 缓冲区错误漏洞

Apple TV 4K and Apple TV HD are both products of Apple Inc.Apple TV 4K is a smart set-top box. The Apple TV 4K is a smart set-top box used to launch 4K Hdr images.Apple TV HD is a high-definition television set-top box product.... A buffer error vulnerability exists in Apple TV 4K, Apple TV 4K 2n...

Ubuntu: Security Advisory (USN-5415-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local unprivileged user to gain access to kernel memory leading to a system crash or a leak of internal kernel information.

...

USN-5415-1 linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service system crash. CVE-2020-27820 Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor...

OESA-2022-1631 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the systemCVE-2022-1205 A flaw was...

Design/Logic Flaw

In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...

kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free

An out-of-bounds OOB memory access flaw was found in net/core/filter.c in bpfskbmaxlen in the Linux kernel. A missing sanity check to the current MTU check may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal...

Medium: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. CVE-2022-1011 A vulnerability was found in the...

PT-2022-7667 · Realtek · Realtek Rtsuer Driver For Usb Card Reader +1

Name of the Vulnerable Software and Affected Versions: Realtek RtsPer driver for PCIe Card Reader versions prior to 10.0.22000.21355 Realtek RtsUer driver for USB Card Reader versions prior to 10.0.22000.31274 Description: The issue is related to a buffer overflow in memory, allowing an attacker ...

PT-2022-7668 · Realtek · Realtek Rtsuer Driver For Usb Card Reader +1

Name of the Vulnerable Software and Affected Versions: Realtek RtsPer driver for PCIe Card Reader versions prior to 10.0.22000.21355 Realtek RtsUer driver for USB Card Reader versions prior to 10.0.22000.31274 Description: The issue is related to memory release errors in the Realtek SD card reade...

Amazon Linux 2 : kernel (ALAS-2022-1793)

The version of kernel installed on the remote host is prior to 4.14.276-211.499. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1793 advisory. 2024-02-01: CVE-2022-41858 was added to this advisory. A use-after-free flaw was found in the Linux kernel's FUSE...

CVE-2021-22556

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...

CVE-2021-22556

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...

Integer overflow

The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond...