USN-6701-2: Linux kernel (GCP) vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service bluetooth communication. CVE-2023-2002 It was discovered that the NVIDIA Tegra...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6705-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6705-1 advisory. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions duri...

kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c

A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusbdecexitdvb function because of the lack of a dvbfrontenddetach call. A local user could trigger this flaw by repeatedly plugging and unplugging the device, potentially causing a...

UBUNTU-CVE-2021-47126

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6nhflushexceptions Reported by syzbot: HEAD commit: 90c911ad Merge tag 'fixes' of git://git.kernel.org/pub/scm.. git tree:...

UBUNTU-CVE-2021-47133

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix memory leak in amdsfhwork Kmemleak tool detected a memory leak in the amdsfh driver. ==================== unreferenced object 0xffff88810228ada0 size 32: comm "insmod", pid 3968, jiffies 4295056001 age 775.792s h...

CentOS 7 : kpatch-patch (RHSA-2024:1323)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1323 advisory. - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may all...

USN-6681-3: Linux kernel vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

The vulnerability of the dlpar_memory_remove_by_index() function in the Linux operating system’s PowerPC PSeries kernel driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the dlparmemoryremovebyindex function in the Linux operating system’s PowerPC PSeries kernel memory driver relates to reading memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

CVE-2024-23265

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to cause unexpected syste...

CVE-2024-23265

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to cause unexpected syste...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6686-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-1 advisory. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions duri...

PT-2024-29723

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel, where the function set memory rox can fail, leaving memory unprotected. The function bpf jit binary lock ro should check the return value of set...

SUSE CVE-2023-52587

In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating the priv-multicastlist in ipoibmcastjointask opens a window for ipoibmcastdevflush to remove the items while in the middle of iteration. If the mcast is...

CVE-2024-1460

MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process...

CVE-2024-1460

MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process...

Memory corruption

MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process...

CVE-2024-1460 MSI Afterburner v4.6.5.16370 - Kernel Memory Leak

MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process...

CVE-2024-1460

Summary: CVE-2024-1460 affects MSI Afterburner v4.6.5.16370 and is described as a kernel memory leak in RTCore64.sys triggered by IOCTL 0x80002040. The handle to RTCore64.sys must be obtained from a high-integrity process, constraining exploitability to local, high-privilege contexts. Technical d...