CVE-2020-27067

A flaw use-after-free in the Linux kernel l2tp subsystem was found in the way user initialize and use vpn connection over l2tp. A local user could use this flaw to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as syst...

Synology DiskStation Manager Improper Access Control Vulnerability

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. An improper access control vulnerability exists in synoagentregisterd in...

Synology DiskStation Manager 访问控制错误漏洞

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. An improper access control vulnerability exists in synoagentregisterd in...

Amazon Linux 2 : kernel (ALAS-2021-1600)

The version of kernel installed on the remote host is prior to 4.14.219-161.340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1600 advisory. 2024-05-23: CVE-2023-1390 was added to this advisory. A use-after-free flaw was found in kernel/trace/ringbuffer.c...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-3348: Fixed a use-after-free in nbdaddsocket that could be triggered by local attackers with access to the nbd device via an I/O request at a certain point...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

DEBIAN-CVE-2021-1056

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer nvidia.ko in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure...

CVE-2020-27820

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off, but same happens if "unbind" the driver. Mitigation To mitigate this issue, prevent the module...

Unbreakable Enterprise kernel security update

5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...

RHEL 8 : cryptsetup (RHSA-2020:4542)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4542 advisory. The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. The following packages have been upgraded ...

Moderate: cryptsetup security, bug fix, and enhancement update

The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. The following packages have been upgraded to a later upstream version: cryptsetup 2.3.3. BZ1796826 Security Fixes: cryptsetup: Out-of-bounds write when validating segments CVE-2020-14382 For...

CVE-2020-5983

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of...

CVE-2020-5983

CVE-2020-5983 affects NVIDIA’s vGPU software: a vulnerability in the vGPU plugin and host driver kernel module can allow writing beyond the frame buffer memory boundary for guest OSes, potentially causing denial of service or information disclosure. Affected vGPU versions are 8.x (before 8.5), 10...

[SECURITY] Fedora 31 Update: cryptsetup-2.3.4-1.fc31

The cryptsetup package contains a utility for setting up disk encryption using dm-crypt kernel module...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5845 advisory. - sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices Dave Chiluk Orabug: 31350999 CVE-2019-19922 - sched/fai...

[SECURITY] Fedora 32 Update: cryptsetup-2.3.4-1.fc32

The cryptsetup package contains a utility for setting up disk encryption using dm-crypt kernel module...

USN-4483-1: Linux kernel vulnerabilities

Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service memory exhaustion. CVE-2019-20810 Fan Yang discovered that the mremap...

Amazon Linux 2 : kernel (ALAS-2020-1480)

The version of kernel installed on the remote host is prior to 4.14.192-147.314. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1480 advisory. 2024-06-19: CVE-2020-14356 was added to this advisory. The Serial Attached SCSI SAS implementation in the Linux...

Important: kernel

Issue Overview: The Serial Attached SCSI SAS implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service deadlock by triggering certain error-handling code. CVE-2017-18232 The xfsbmapextentstobtree function in fs/xfs/libxfs/xfsbmap.c i...

CVE-2019-0155

A flaw was found in the Intel graphics hardware GPU, where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to th...