kernel: increase slab leak leads to DoS

A flaw was found in the way memory resources were freed in the unixstreamrecvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system...

F5 Networks BIG-IP : Linux kernel vulnerability (K40523020)

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1531)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SAMSUNG Mobile devices 安全漏洞

Samsung mobile devices is a cell phone application from Samsung South Korea. It provides a communication function. A resource management error vulnerability exists in Samsung mobile devices SMR prior to Mar-2021 Release 1, which arises from improper memory access control and can be exploited by a...

PT-2021-7676 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.161 Description: A vulnerability in the io uring subsystem can leak kernel memory information to the user process. The timens install function calls current is single threaded to determine if the current...

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2021-9043)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9043 advisory. - mwifiex: Fix possible buffer overflows in mwifiexcmd80211adhocstart Zhang Xiaohui Orabug: 32349211 CVE-2020-36158 - Fonts: Support FONTEXTRAWORDS...

USN-4680-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service syste...

PT-2021-8266 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.0-rc5-01361-ge3c1b78c8440-dirty Description: The issue is related to the radix set pte at function in the Linux kernel, which does not properly order the update of the Page Table Entry PTE with subsequent...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9001)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9001 advisory. - fbdev, newportcon: Move FONTEXTRAWORDS macros into linux/font.h Peilin Ye Orabug: 32176267 CVE-2020-28915 Tenable has extracted the preceding...

Apple FairPlay Buffer Error Vulnerability

Apple FairPlay is a core component of Apple Inc. that is used to provide media playback capabilities to devices. Apple FairPlay suffers from a buffer error vulnerability that exists due to a boundary condition within the FairPlay component in macOS. A native application can trigger an out-of-boun...

About the security content of watchOS 7.3 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

About the security content of tvOS 14.4 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CentOS 8 : kernel (CESA-2019:3871)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3871 advisory. - hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write CVE-2019-0155 Note that Nessus has not tested for this issue but has instead...

About the security content of tvOS 14.4

About the security content of tvOS 14.4 This document describes the security content of tvOS 14.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVE-2020-27674

Xen is vulnerable to privilege escalation. An attacker can gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique...

Xen INVLPG-like flushes may leave stale TLB entries privilege escalation (XSA-286)

A privilege escalation vulnerability exists in Xen x86 PV guest kernels due to mishandles invalidation of TLB entries An unauthenticated, local attacker x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during...

Apple macOS buffer overflow vulnerability (CNVD-2021-30566)

Apple macOS is a specialized operating system developed by Apple for Mac computers. A buffer overflow vulnerability exists in Apple macOS, which can be exploited by an attacker to cause an unexpected system termination or corruption of kernel memory...

Ubuntu: Security Advisory (USN-4683-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4680-1: Linux kernel vulnerabilities

It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service system crash. CVE-2019-19770 It was discovered that a race condition existed in the binder IPC...

USN-4679-1: Linux kernel vulnerabilities

It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-25656 Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling...