kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

TencentOS Server 4: kernel (TSSA-2025:0836)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0836 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Oracle Linux 9 : kernel (ELSA-2025-12746)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-12746 advisory. - netsched: hfsc: Address reentrant enqueue adding class to eltree twice Davide Caratti RHEL-97522 CVE-2025-38001 CVE-2025-37890 - schhfsc: Fix qlen...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

RHEL 8 : kpatch-patch-4_18_0-553, kpatch-patch-4_18_0-553_16_1, kpatch-patch-4_18_0-553_30_1, and kpatch-patch-4_18_0-553_40_1 (RHSA-2025:8345)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8345 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch...

RHEL 9 : kpatch-patch-5_14_0-427_13_1, kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, and kpatch-patch-5_14_0-427_55_1 (RHSA-2025:4497)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4497 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...

CLSA-2025-1744372501 kernel: Fix of CVE-2024-1086

Backported els0..els3 patches and changelog including CVE-2024-1086...

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 (RHSA-2025:3096)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3096 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...

Oracle Linux 8 : kernel (ELSA-2024-8856)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8856 advisory. - lib/generic-radix-tree.c: Fix rare race in genradixptralloc Waiman Long RHEL-62139 CVE-2024-47668 - bonding: fix xfrm realdev null pointer dereferenc...

CLSA-2024-1725293298 kernel: Fix of 37 CVEs

tun: add missing verification for short frame CVE-2024-41091 - tap: add missing verification for short frame CVE-2024-41090 - drm/amd/display: Fix potential index out of bounds in color transformation function CVE-2024-38552 - net: fix dstnegativeadvice race CVE-2024-36971 - net: annotate...

OPENSUSE-SU-2024:13959-1 kernel-devel-6.8.9-1.1 on GA media

These are all security issues fixed in the kernel-devel-6.8.9-1.1 package on the GA media of openSUSE Tumbleweed...

Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer

Impact There is an ext4 use-after-free flaw described in CVE-2022-1184 that is exploitable through versions of Apptainer 1.1.0 and installations that include apptainer-suid 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10...

[SECURITY] Fedora 34 Update: qemu-5.2.0-9.fc34

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Microsoft Azure Sphere Linux namespace ptrace unsigned code execution vulnerability

Summary An unsigned code execution vulnerability exists in the Linux namespace ptrace functionality of Microsoft Azure Sphere 21.01. Specially crafted shellcode could allow an adversary to execute unsigned code. An attacker can change the namespace and use ptrace to modify the code of a running...

[SECURITY] Fedora 29 Update: qemu-3.0.1-4.fc29

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 27 Update: qemu-2.10.2-1.fc27

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0236)

The remote OracleVM system is missing necessary patches to address critical security updates : - block: update integrity interval after queue limits change Ritika Srivastava Orabug: 27586756 - dccp: check sk for closed state in dccpsendmsg Alexey Kodanev Orabug: 28001529 CVE-2017-8824 CVE-2018-11...