AZL-13821 CVE-2023-22999 affecting package kernel for versions less than 5.15.102.1-1

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3qcomcreateursusbplatdev return value expects it to be NULL in the error case, whereas it is actually an error pointer...

AZL-13775 CVE-2023-26545 affecting package kernel for versions less than 5.15.102.1-1

In the Linux kernel before 6.1.13, there is a double free in net/mpls/afmpls.c upon an allocation failure for registering the sysctl table under a new location during the renaming of a device...

K16881: OZWPAN driver vulnerabilities CVE-2015-4001, CVE-2015-4002, CVE-2015-4003, CVE-2015-4004

Security Advisory Description Description CVE-2015-4001 Integer signedness error in the ozhcdgetdesccnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service system crash or possibly execute arbitrary...

K36462841: Linux kernel vulnerability CVE-2018-18281

Security Advisory Description Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that...

SUSE CVE-2003-1604

The redirecttarget function in net/ipv4/netfilter/iptREDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service NULL pointer dereference and OOPS by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787...

SUSE CVE-2004-1016

The scmsend function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service system hang via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition...

SUSE CVE-2004-1073

The openexec function in the execve functionality exec.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter PTINTERP functionality...

SUSE CVE-2006-5871

smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings...

SUSE CVE-2009-1265

Integer overflow in rosesendmsg sys/net/afrose.c in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent...

SUSE CVE-2009-3228

The tcfilltclass function in net/sched/schapi.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain 1 tcmpad1 and 2 tcmpad2 structure members, which might allow local users to obtain sensitive information from kernel memory via...

SUSE CVE-2013-0231

The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are...

SUSE CVE-2014-7970

The pivotroot implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service mount-tree loop via . dot values in both arguments to the pivotroot system call...

SUSE CVE-2015-2877

Kernel Samepage Merging KSM in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection CAIN attack. NOTE: the vendor states "Basically ...

SUSE CVE-2017-0627

An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10,...

SUSE CVE-2018-14634

An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable...

SUSE CVE-2019-3874

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 through 5.5. An attacker...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 through 5.5. An attacker...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 through 5.5. An attacker...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.1 through 5.5. An attacker...