Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client

...

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

AZL-33961 CVE-2024-22705 affecting package kernel for versions less than 5.15.148.1-1

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2getdataarealen in fs/smb/server/smb2misc.c can cause an smbstrndupfromutf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

OESA-2024-1084 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause...

CVE-2023-46862 affecting package kernel for versions less than 5.15.143.1-1

CVE-2023-46862 affecting package kernel for versions less than 5.15.143.1-1. A patched version of the package is available...

SUSE-SU-2024:0160-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the...

SUSE-SU-2024:0156-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgenericon the socket that t...

SUSE-SU-2024:0129-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the socket th...

OESA-2024-1068 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the Linux kernel before 6.6.8. roseioctl in net/rose/afrose.c has a use-after-free because of a roseaccept race condition.CVE-2023-51782 A memory leak problem was found in ctnetlinkcreateconntrack in...

OESA-2024-1035 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: openeuler-linux-kernel-5.10.149-ext4writeinlinedata-kernelbug-365020CVE-2021-33631 An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravbremove in...

CVE-2023-33113 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Kernel

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments...

SUSE-SU-2023:4862-1 Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059109 fixes several issues. The following security issues were fixed: - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nftables component can be exploited to achieve local privilege escalation. bsc1215097 - CVE-2023-4622: Fixed a...

SUSE-SU-2023:4847-1 Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122147 fixes one issue. The following security issue was fixed: - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation bsc1215442...

SUSE-SU-2023:4833-1 Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024139 fixes several issues. The following security issues were fixed: - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation bsc1215442. - CVE-2023-2163...

Unbreakable Enterprise kernel security update

5.15.0-201.135.6 - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Johnathan Mantey - netfilter: nftables: split async and sync catchall in two functions Pablo Neira Ayuso - netfilter: nftables: remove catchall element in GC sync path Pablo Neira Ayuso - scsi: mpt3sas: Fix...

CLSA-2023-1701963303 kernel: Fix of 18 CVEs

net/tls: do not free tlsrec on async operation in bpfexectxverdict CVE-2023-6176 - wifi: mac80211: fix MBSSID parsing use-after-free CVE-2022-42719 - mac80211: always allocate struct ieee80211elems CVE-2022-42719 - x86/sev: Check for user-space IOIO pointing to kernel space CVE-2023-46813 -...

CVE-2023-21216

In PMRChangeSparseMemOSMem of physmemosmemlinux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2023-27257 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the modify for next stage function in fdt.rs, where improperly used crypto could render KASLR ineffective. This could lead to...

OESA-2023-1858 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An out-of-bounds read vulnerability was found in Netfilter Connection Tracking conntrack in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.CVE-2023-39197...

ASB-A-292000190

In PMRChangeSparseMemOSMem of physmemosmemlinux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...