kernel: sctp: handle the error returned from sctp_auth_asoc_init_active_key

In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctpauthasocinitactivekey When it returns an error from sctpauthasocinitactivekey, the activekey is actually not updated. The old shkey will be freeed while it's still used as active key in...

PT-2025-8335 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version where the fix for the buffer overflow issue in mm/page owner.c is included. Description: A buffer overflow issue has been identified in the Linux kernel, specifically in the mm/page owner.c file. The...

DEBIAN-CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ibprctlset function updates the Thread Information Flags TIFs for the task and updates the SPECCTRL MSR on the function speculationctrlupdate, but the IBPB is only issued on the next...

Solaris 10 (sparc) : 153153-07

SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Apr/13/23 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

CVE-2023-1079 affecting package kernel 5.10.174.1-1

CVE-2023-1079 affecting package kernel 5.10.174.1-1. A patched version of the package is available...

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet the kernel could be affected.

...

CVE-2023-0590

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...

Solaris 10 (sparc) : 153153-06

SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Jul/18/22 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

SUSE CVE-2007-5494

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux RHEL 4 and 5 allows local users to cause a denial of service memory consumption via a large number of open requests involving OATOMICLOOKUP...

SUSE CVE-2013-2224

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux RHEL 6 allows local users to cause a denial of service invalid free operation and system crash or possibly gain privileges via a sendmsg system call with the IPRETOPTS option, as demonstrated by hemlock.c. NOTE: this...

SUSE CVE-2019-15794

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma-vmfile in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vmfile points. On...

SUSE CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

CVE-2022-47518 affecting package kernel 5.10.158.1-1

CVE-2022-47518 affecting package kernel 5.10.158.1-1. A patched version of the package is available...

Unbreakable Enterprise kernel security update

5.4.17-2136.315.5 - Revert 'xfs: Lower CIL flush limit for large logs' Sherry Yang Orabug: 34917369 - Revert 'xfs: Throttle commits on delayed background CIL push' Sherry Yang Orabug: 34917369 - Revert 'xfs: fix use-after-free on CIL context on shutdown' Sherry Yang Orabug: 34917369...

CVE-2022-3115 affecting package kernel 5.10.155.1-1

CVE-2022-3115 affecting package kernel 5.10.155.1-1. A patched version of the package is available...

SUSE-SU-2022:4614-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in doprocdointvec bsc1206207. - CVE-2022-3635: Fixed a use-after-free in the tsttimer of the file drivers/atm/idt77252.c...

kernel: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error

In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe function. But, the rt711-component doesn't be assigned yet. If IO error happened during initial...

CVE-2022-32267

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption a TOCTOU attack DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM...

CVE-2022-1204 affecting package kernel 5.10.144.1-1

CVE-2022-1204 affecting package kernel 5.10.144.1-1. A patched version of the package is available...

CVE-2022-2938 affecting package kernel for versions less than 5.15.67.1-4

CVE-2022-2938 affecting package kernel for versions less than 5.15.67.1-4. A patched version of the package is available...