[SECURITY] Fedora 35 Update: golang-github-prometheus-node-exporter-1.3.1-7.fc35
Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors...
AZL-9241 CVE-2022-0500 affecting package kernel for versions less than 5.15.37.1-2
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system...
AZL-9239 CVE-2022-0435 affecting package kernel for versions less than 5.15.37.1-2
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...
UBUNTU-CVE-2022-0487
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1...
Mageia: Security Advisory (MGASA-2019-0388)
The remote host is missing an update for the...
New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path...
cylc-uiserver (>=0.1.0 <=0.3.0), jhub-swarmspawner (>=0.2.0 <=0.2.6) +2 more potentially affected by CVE-2021-41247 via jupyterhub (>=1.0.0 <=1.4.2)
jupyterhub PYPI version =1.0.0, =0.1.0, =0.2.0, =0.2.25, =0.0.1, =0.1.6 Source cves: CVE-2021-41247 Source advisory: OSV:GHSA-CW7P-Q79F-M2V7...
cylc-uiserver (>=0.1.0 <=0.3.0), jhub-swarmspawner (>=0.2.0 <=0.2.6) +2 more potentially affected by CVE-2021-41247 via jupyterhub (>=1.0.0 <=1.4.2)
jupyterhub PYPI version =1.0.0, =0.1.0, =0.2.0, =0.2.25, =0.0.1, =0.1.6 Source cves: CVE-2021-41247 Source advisory: OSV:PYSEC-2021-386...
USN-5092-3 linux-azure, linux-azure-5.11 regression
USN-5092-2 fixed vulnerabilities in Linux 5.11-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update introduced a regression that could cause the kernel to fail to boot in large Azure instance types. This update fixes the problem. We...
Netfilter x_tables Heap OOB Write Privilege Escalation
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space. Kernels up to and including 5.11 are vulnerable. More information about vulnerable...
GHSA-V82P-HV3V-P6QP Incomplete validation in MKL requantization
Impact: Due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays: `import tensorflow as tf; tf.raw_ops.RequantizationRangePerChannel...`
microcode_ctl security, bug fix and enhancement update
4:20210216-1.20210608.0.1 - add support for UEK6 kernels - enable early update for 06-4f-01 - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - enable early and late load on RHCK 4:20210216-1.20210608.1 - Update Intel CPU microcode to microcode-20210608 release: - Fixes in...
AZL-6566 CVE-2021-34556 affecting package kernel for versions less than 5.10.78.1-1
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack...
Advisory ROSA-SA-2021-1859
Software: kernel 3.10.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-10751 CVE-Crit: MEDIUM CVE-DESC: A bug was discovered in the implementation of the SELinux LSM hook in Linux kernels prior to version 5.7, where it was incorrectly assumed that skb would only contain a single netlink message. The hook...
Design/Logic Flaw
x86: Speculative vulnerabilities with bare non-shim 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to...
CVE-2021-3491
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was...
Out-of-bounds
The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e "bpf: Fix...
CVE-2021-3490 Linux kernel eBPF bitwise ops ALU32 bounds tracking
The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e "bpf: Fix...
CVE-2021-3491 Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was...
CVE-2020-10774
A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to...