1146 matches found

CNVD
added 2019/09/23 12:0 a.m. | 1 views

Denial of Service Vulnerability in the Kernel Module of Guangfa Bank Security Controls

As one of the first joint-stock commercial banks organized in China, Guangfa Bank is committed to building the best retail bank and the most efficient SME bank in China. A denial of service vulnerability exists in the kernel module of the Guangfa Bank security control, which can be exploited by a...

AI score 6.7
Exploits 0

Tenable Nessus
added 2019/09/16 12:0 a.m. | 261 views

Oracle Linux 8 : kernel (ELSA-2019-2703)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2703 advisory. - wireless mwifiex: fix 802.11n/WPA detection Jarod Wilson 1714475 1714476 CVE-2019-3846 - x86 x86/entry/64: Use JMP instead of JMPQ Josh Poimboeuf...

CVSS 8.8 | AI score 7.5 | EPSS 0.05649
Exploits 7 | References 8

Tenable Nessus
added 2019/08/30 12:0 a.m. | 50 views

CentOS 7 : keepalived (CESA-2019:2285)

An update for keepalived is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 4.7 | AI score 5.7 | EPSS 0.00501
Exploits 1 | References 2

RedHat Linux
added 2019/08/06 1:29 p.m. | 32 views

Moderate: Red Hat Security Advisory: keepalived security and bug fix update

An update for keepalived is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 4.7 | AI score 6.1 | EPSS 0.00501
Exploits 1 | References 4

RedHat Linux
added 2019/08/06 12:47 p.m. | 1 views

Kernel: vhost_net: infinite loop while receiving packets leads to DoS

An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread,...

CVSS 7.7 | AI score 6.9 | EPSS 0.04425
Exploits 0 | References 4

RedHat Linux
added 2019/07/30 11:2 a.m. | 3 views

kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS

A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraid_sas_base.c, where a NULL pointer dereference can occur when megasas_create_frame_pool fails in megasas_alloc_cmds. An attacker can crash the system if they were able to load the megaraid_sas kernel module and...

CVSS 7.8 | AI score 7 | EPSS 0.05789
Exploits 0 | References 4

RedHat Linux
added 2019/07/30 9:13 a.m. | 120 views

Important: Red Hat Security Advisory: keepalived security update

An update for keepalived is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 9.8 | AI score 7.9 | EPSS 0.03675
Exploits 0 | References 2

Tenable Nessus
added 2019/07/26 12:0 a.m. | 55 views

Amazon Linux AMI : kernel (ALAS-2019-1232)

An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread,...

CVSS 7.7 | AI score 6.3 | EPSS 0.04425
Exploits 3 | References 3

Tenable Nessus
added 2019/07/24 12:0 a.m. | 53 views

Amazon Linux 2 : kernel (ALAS-2019-1232)

An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread,...

CVSS 7.7 | AI score 6.3 | EPSS 0.04425
Exploits 3 | References 3

Tenable Nessus
added 2019/07/24 12:0 a.m. | 56 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1948-1) (SACK Panic) (SACK Slowness)

This update for the Linux Kernel 4.4.121-92104 fixes several issues. The following security issues were fixed: CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker...

CVSS 8.8 | AI score 6.6 | EPSS 0.98745
Exploits 5 | References 10

GithubExploit
added 2019/07/22 8:23 p.m. | 2462 views

Exploit for Integer Overflow or Wraparound in Linux Linux_Kernel

cve-2019-11477-poc Simple Test 1. Start two VMs - one for...

CVSS 7.8 | AI score 8 | EPSS 0.98745
Exploits 4

Amazon
added 2019/07/18 12:0 a.m. | 60 views

Important: kernel

Issue Overview: An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostne...

CVSS 7.8 | AI score 7.1 | EPSS 0.52199
Exploits 24

Amazon
added 2019/07/17 12:0 a.m. | 197 views

Important: kernel

Issue Overview: An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostne...

CVSS 7.8 | AI score 7 | EPSS 0.52199
Exploits 24

BDU FSTEC
added 2019/06/27 12:0 a.m. | 2 views

The vulnerability in the implementation of the photg210_udc_probe handler in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the photg210_udc_probe implementation in the loaded module of the drivers/usb/gadget/udc/fotg210-udc.ko kernel of the Linux operating system is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause a system failure by connecting the FOTG210 UDC...

CVSS 5.1 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2019/06/27 12:0 a.m. | 2 views

The vulnerability in the implementation of the ir_lirc_unregister handler in Linux kernels allows a malicious actor to trigger a service failure.

The vulnerability of the implementation of the ir_lirc_unregister handler in the loaded module drivers/media/rc/ir-lirc-codec.ko of the Linux operating system is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure by repeatedly loading and...

CVSS 5.1 | AI score 5.7
Exploits 0 | Affected Software 1

BDU FSTEC
added 2019/06/27 12:0 a.m. | 11 views

The vulnerability in the implementation of the mpi_alloc function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the mpi_alloc function in the loaded module of the digsig/digsigverif.ko kernel of the Linux operating system is related to the assignment of the null pointer. Exploiting this vulnerability could allow an attacker to cause a system failure when there is a memory shortage in th...

CVSS 6.2 | AI score 5.6
Exploits 0 | Affected Software 1

BDU FSTEC
added 2019/06/27 12:0 a.m. | 7 views

The vulnerability in the implementation of the alsa_seq_dummy_init handler in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the alsa_seq_dummy_init implementation in the sound/core/seq/snd-seq-dummy.ko module of the Linux operating system is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure by connecting an ALSA sequencer MIDI-through device. Th...

CVSS 6.2 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2019/06/27 12:0 a.m. | 3 views

The vulnerability in the implementation of the ips_init_phase1 function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability in the implementation of the ips_init_phase1 function, which is called from the ips_insert_device handler in the loaded module drivers/scsi/ips.ko of the Linux operating system, stems from a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 6.2 | AI score 5.5
Exploits 0 | Affected Software 1

Tenable Nessus
added 2019/06/19 12:0 a.m. | 250 views

openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)

Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel pani...

CVSS 8.8 | AI score 7.3 | EPSS 0.98745
Exploits 11 | References 93

FreeBSD Advisory
added 2019/06/19 12:0 a.m. | 11 views

FreeBSD-SA-19:08.rack

FreeBSD-SA-19:08.rack Security Advisory, The FreeBSD Project. Topic: Resource exhaustion in non-default RACK TCP stack. Category: core. Module: inet. Announced: 2019-06-19...

CVSS 7.8 | AI score 7.1 | EPSS 0.05226
Exploits 1