Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 through 5.5. An attacker...

PT-2023-35261 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.164 Description: A potential security issue exists due to a warning during failed attribute validation in the act mpls component of the Linux Kernel. The actual impact and attack plausibility have not yet...

PT-2023-34744 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v6.1.7 through v6.1.8 Description: The issue is related to a potential security vulnerability in the io uring/poll component. It was introduced in version v6.1.7 and fixed in version v6.1.8. The actual impact and attack...

AZL-13051 CVE-2022-41858 affecting package kernel for versions less than 5.15.87.1-1

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information...

PT-2023-34677 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.29 through 4.9.336 Description: A potential memory leak issue was discovered in the dio init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

PT-2023-33157 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue is related to a server-active leak in the afs put server function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

PT-2023-33468 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.19 Description: The issue is related to a panic due to the wrong pageattr of im-image. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

PT-2023-33179 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v4.8 through v6.0.11 Description: The issue concerns an out-of-bounds read in the afe4403 read raw function. It was introduced in version v4.8 and fixed in version v6.0.12. The actual impact and attack plausibility have...

CVE-2022-47941, CVE-2022-47942, CVE-2022-47938, CVE-2022-47939, CVE-2022-47940. Vulnerabilities affecting the ksmb module in the Linux kernel versions 5.14 through 5.15.61. (BSA-2022-2157).

Security Advisory ID: BSA-2022-2157 Component: ksmbd module in the Linux kernel Revision: 2.1 Brocade PSIRT has become aware of several vulnerabilities affecting theksmbdmodule in the Linux kernel published by Trend Micro Zero Day Initiative. ZDI-22-1687 - CVSS SCORE: 5.3 - CVE-2022-47941...

AZL-12097 CVE-2022-47942 affecting package kernel for versions less than 5.15.86.1-1

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in setntacldacl, related to use of SMB2QUERYINFOHE after a malformed SMB2SETINFOHE command...

UBUNTU-CVE-2022-47939

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2TREEDISCONNECT...

AZL-11609 CVE-2022-3108 affecting package kernel for versions less than 5.15.86.1-1

An issue was discovered in the Linux kernel through 5.16-rc6. kfdparsesubtypeiolink in drivers/gpu/drm/amd/amdkfd/kfdcrat.c lacks check of the return value of kmemdup...

PT-2022-36301 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.156 Description: The issue is related to the misuse of put device in mISDN register device. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

PT-2022-36210 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.79 Description: The issue is related to the addition of a sentinel to the quirks table in the Ralink MT7621-PCI driver. The actual impact and attack plausibility have not yet been proven. Recommendations:...

PT-2022-35958 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v6.0.7 through v6.0.10 Description: The issue concerns missing SIGTRAP checking, which may potentially lead to security vulnerabilities. However, the actual impact and attack plausibility have not yet been proven. It was...

AZL-11583 CVE-2022-42328 affecting package kernel for versions less than 5.15.92.1-1

Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...

CVE-2022-30771

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in:...

CVE-2022-33905

DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...

CVE-2022-29275

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: versi...

CVE-2022-30771

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in:...