FreeBSD : FreeBSD -- ipfw invalid mbuf handling (33edcc56-83f2-11ea-92ab-00163e433440)

Incomplete packet data validation may result in accessing out-of-bounds memory CVE-2019-5614 or may access memory after it has been freed CVE-2019-15874. Impact : Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results. C Tenable Network Security, Inc...

FreeBSD-SA-20:10.ipfw

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:10.ipfw Security Advisory The FreeBSD Project Topic: ipfw invalid mbuf handling Category: core Module: kernel Announced: 2020-04-21 Credits: Maxime Villard...

FreeBSD -- ipfw invalid mbuf handling

Problem Description: Incomplete packet data validation may result in accessing out-of-bounds memory CVE-2019-5614 or may access memory after it has been freed CVE-2019-15874. Impact: Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results...

CVE-2020-10708

race condition in kernel/audit.c may allow low privilege users trigger kernel panic...

Denial Of Service (DoS)

The kernel packages is vulnerable to Denial of Service DoS. It is due to instances of unsafe sprintf use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local,...

Use-after-free

The kernel is vulnerable to use-after-free. Due to a flaw found in the tcprcvstateprocess function in the Linux kernel TCP/IP protocol suite implementation, if a system using IPv6 had the IPV6RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system,...

Denial Of Service (DoS)

The kernel vulnerable to denial of service DoS. The Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table via specially-crafted packe...

Denial Of Service (DoS)

The kernel package is vulnerable to denial of service DoS. The possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service kernel panic...

DEBIAN-CVE-2020-8834

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...

CVE-2020-8834

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...

CVE-2020-8834

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...

CVE-2020-8834 Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...

CVE-2017-18674

An issue was discovered on Samsung mobile devices with N7.0 software. The time service aka Timaservice allows a kernel panic. The Samsung ID is SVE-2017-8593 May 2017...

CVE-2017-18674

An issue was discovered on Samsung mobile devices with N7.0 software. The time service aka Timaservice allows a kernel panic. The Samsung ID is SVE-2017-8593 May 2017...

Code injection

An issue was discovered on Samsung mobile devices with N7.0 software. The time service aka Timaservice allows a kernel panic. The Samsung ID is SVE-2017-8593 May 2017...

CVE-2017-18674

An issue was discovered on Samsung mobile devices with N7.0 software. The time service aka Timaservice allows a kernel panic. The Samsung ID is SVE-2017-8593 May 2017...

CVE-2017-18674

CVE-2017-18674 affects Samsung mobile devices running Android N (7.0); the Timaservice time service is susceptible to a kernel panic. The issue is associated with Samsung ID SVE-2017-8593, May 2017. CVSS indicates network attack vector with low privileges required and high availability impact. Th...

UBUNTU-CVE-2020-8834

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...

CVE-2017-15128

A flaw was found in the Linux kernel where a local user with a shell account can abuse the userfaultfd syscall when using hugetlbfs. A missing size check in hugetlbmcopyatomicpte could create an invalid inode variable, leading to a kernel panic...

CVE-2018-11987

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic...