SUSE: Security Advisory (SUSE-SU-2022:3450-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:3424-1 Security update for the Linux Kernel (Live Patch 29 for SLE 15)

This update for the Linux Kernel 4.12.14-15000015089 fixes several issues. The following security issues were fixed: - CVE-2022-39188: Fixed a race condition between unmapmappingrange and munmap on VMPFNMAP mappings leads to stale TLB entry bsc1203116. - CVE-2022-1652: Fixed a use-after-free in...

SUSE-SU-2022:3411-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-1504002421 fixes one issue. The following security issue was fixed: - CVE-2021-39698: Fixed a memory corruption due to a use after free that could lead to local escalation of privilege with no additional execution privileges needed bsc1196959...

SUSE-SU-2022:3370-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040022 fixes several issues. The following security issues were fixed: - CVE-2022-29581: Fixed an improper Update of Reference Count vulnerability in net/sched that causes privilege escalation to root bsc1199695. - CVE-2022-39188: Fixed a race condition...

kernel security, bug fix, and enhancement update

5.14.0-70.26.1.0.10.OL9 - lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 5.14.0-70.26.10.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.311.6 - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' Sherry Yang Orabug: 34535896 5.4.17-2136.311.5 - netfilter: nftables: do not allow RULEID to refer to another chain Thadeu Lima de Souza Cascardo Orabug: 34495567 CVE-2022-2586 - netfilter: nftable...

Unbreakable Enterprise kernel-container security update

5.15.0-2.52.3.el8 - posix-cpu-timers: Cleanup CPU timers before freeing them during exec Thadeu Lima de Souza Cascardo Orabug: 34495548 CVE-2022-2585 - fix race between exititimers and /proc/pid/timers Oleg Nesterov Orabug: 34495548 - rds: ib: Add preemption control when using per-cpu variables...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

ALSA-2022:6610 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: heap overflow in nftseteleminit CVE-2022-34918 kernel: vulnerability of buffer overflow in nftsetdescconcatparse CVE-2022-2078 For more details about the security issues, including the...

GSD-2022-1005612 of: check previous kernel's ima-kexec-buffer against memory bounds

of: check previous kernel's ima-kexec-buffer against memory bounds This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...

PT-2022-33744 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.63 Description: The issue is related to a potential buffer overflow in debugfs due to malformed user input. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

GSD-2022-1004998 drm/amd/pm: Fix a potential gpu_metrics_table memory leak

drm/amd/pm: Fix a potential gpumetricstable memory leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.7 by commit...

PT-2022-33288 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.6 Description: A potential security issue has been identified in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

kernel security, bug fix, and enhancement update

4.18.0-372.26.1.0.16.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...

CVE-2021-0942

The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = pagetophyspsOSPageArrayData-pagearrayui32PageIndex;With the current PoC this crashes as an OOB read. However, given that the O...

Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS CVE-2022-21125 Incomplete cleanup in specific special regist...

Exploit for Incorrect Conversion between Numeric Types in Linux Linux_Kernel

CVE-2022-2639 using pipe primitive CVE-2022-2639https://...

CVE-2022-20148

In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...