RHEL 7 : kernel (RHSA-2024:0980)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0980 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2capconnect...

kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c

A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capconnect and l2capleconnectreq functions. An attacker with physical access within the range of standard Bluetooth transmission could...

Siemens SIMATIC CP products Improper Access Control (CVE-2023-37194)

A vulnerability has been identified in SIMATIC CP 1604 All versions, SIMATIC CP 1616 All versions, SIMATIC CP 1623 All versions, SIMATIC CP 1626 All versions, SIMATIC CP 1628 All versions. The kernel memory of affected devices is exposed to user-mode via direct memory access DMA which could allow...

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2022-23088

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode i.e., not associated with a SSID a malicious beacon frame may overwrite kernel memory, leading to remote code...

CVE-2022-23085

A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...

CVE-2022-23088

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode i.e., not associated with a SSID a malicious beacon frame may overwrite kernel memory, leading to remote code...

CVE-2022-23085

A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...

CVE-2022-23084

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

Design/Logic Flaw

A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...

Memory corruption

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

Heap overflow

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode i.e., not associated with a SSID a malicious beacon frame may overwrite kernel memory, leading to remote code...

CVE-2022-23085

CVE-2022-23085 arises from an insufficient bounds check: a user-provided integer option passed to netmap’s nmreq_copyin() could overflow, risking kernel memory corruption. Documents in the FreeBSD Netmap advisory SA-22:04 and related CVE records confirm the flaw in the netmap component, enabling ...

CVE-2022-23085 Potential jail escape vulnerabilities in netmap

A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...

CVE-2022-23084 Potential jail escape vulnerabilities in netmap

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

CVE-2022-23084 Potential jail escape vulnerabilities in netmap

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

CVE-2022-23084

CVE-2022-23084 concerns the FreeBSD netmap component. The vulnerability is a time-of-check to time-of-use bug in nmreq_copyin(): the total size of a user-provided nmreq is computed and then trusted during the copy, enabling kernel memory corruption. Impact requires netmap in devfs_ruleset; a priv...

PT-2024-11053 · Unknown · Asp Secure Os

Name of the Vulnerable Software and Affected Versions: ASP Secure OS affected versions not specified Description: The issue is related to insufficient checking of memory buffer in ASP Secure OS, which may allow an attacker with a malicious TA to read or write to the ASP Secure OS kernel virtual...

kernel: eBPF verification flaw

A vulnerability was found in Linux Kernel, where a type confusion problem in checkmapfunccompatibility may lead to free arbitrary kernel memory...

kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c

A flaw memory leak in the Linux kernel webcam device functionality was found in the way user calls ioctl that triggers videousercopy function. The highest threat from this vulnerability is to system availability...