757 matches found
AZL-13364 CVE-2023-0615 affecting package kernel for versions less than 5.15.122.1-2
A memory leak flaw and potential divide by zero and integer overflow were found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as the VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled...
AZL-13247 CVE-2022-4139 affecting package kernel for versions less than 5.15.92.1-2
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system...
The vulnerability of the queue insertion function sch_sfb in Linux operating system kernels allows a hacker to cause a service failure.
The vulnerability of the queue insertion function sch_sfb in Linux operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...
AZL-11584 CVE-2022-42329 affecting package kernel for versions less than 5.15.92.1-1
Guests can trigger deadlock in Linux netback driver. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...
Input validation
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering. Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: versi...
Design/Logic Flaw
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...
CVE-2022-29279
Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: versi...
PT-2022-35036 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential security issue exists due to a race in lowcomms. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.3,...
Vulnerability of the l2cap_conn_del() function (net/bluetooth/l2cap_core.c) in Linux operating system kernels, allowing an attacker to execute arbitrary code
The vulnerability of the l2cap_conn_del() function (net/bluetooth/l2cap_core.c) in Linux operating systems is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
AZL-11354 CVE-2022-43750 affecting package kernel for versions less than 5.15.77.1-1
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory...
DEBIAN-CVE-2022-42721
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to corrupt a linked list and, in turn, potentially execute code...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists in the Compute function in batch_kernels.cc because the Unbatch Op kernel doesn't properly check if the input argument is a scalar, which allows an attacker to send non-scalar input IDs causing an application crash...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists in the Compute function of conv_grad_input_ops.h because the CPU/GPU kernels are not properly handled for empty out_backprop inputs, which allows an attacker to cause an application crash by sending malicious inputs...
PT-2022-33765 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.63 Description: The issue is related to a potential buffer overflow caused by the snprintf function in the ASoC: SOF: Intel: hda driver. The actual impact and attack plausibility have not yet been proven...
CVE-2022-35999 `CHECK` fail in `Conv2DBackpropInput` in TensorFlow
TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in...
CVE-2022-35999
TensorFlow CVE-2022-35999 affects Conv2DBackpropInput: when out_backprop is empty (example [3,1,0,1]), CPU/GPU kernels fail CHECKs, enabling potential denial of service. A patch was committed (27a65a43cf763897fecfa5cdb5cc653fc5dd0346) and will be included in TensorFlow 2.10.0; the patch will also...
[Important] [Security] Virtuozzo ReadyKernel patch 147.0 for Virtuozzo Hybrid Server 7.5
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. Vulnerability id: PSBM-141578 3.10.0-1160.21.1.vz7.174.13 to 3.10.0-1160.53.1.vz7.185.3 netfilter: nftables: NULL pointer access in chain filter...
CVE-2022-21385
A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
DEBIAN-CVE-2022-21385
A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
UBUNTU-CVE-2022-21385
A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...