Lucene search
K

769 matches found

OSV
OSV
added 2021/10/18 10:15 p.m.4 views

USN-5092-3 linux-azure, linux-azure-5.11 regression

USN-5092-2 fixed vulnerabilities in Linux 5.11-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update introduced a regression that could cause the kernel to fail to boot in large Azure instance types. This update fixes the problem. We...

6.3AI score
Exploits0References2
Metasploit
Metasploit
added 2021/10/07 5:42 p.m.608 views

Netfilter x_tables Heap OOB Write Privilege Escalation

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space. Kernels up to 5.11 including are vulnerable. More information about vulnerable...

8.3CVSS6.9AI score0.78684EPSS
Exploits21
OSV
OSV
added 2021/08/25 2:42 p.m.2 views

GHSA-V82P-HV3V-P6QP Incomplete validation in MKL requantization

Impact Due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays: python import tensorflow as tf tf.rawops.RequantizationRangePerChannel...

8.5CVSS6.4AI score0.00185EPSS
Exploits0References8
Oracle linux
Oracle linux
added 2021/08/09 12:0 a.m.74 views

microcode_ctl security, bug fix and enhancement update

4:20210216-1.20210608.0.1 - add support for UEK6 kernels - enable early update for 06-4f-01 - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - enable early and late load on RHCK 4:20210216-1.20210608.1 - Update Intel CPU microcode to microcode-20210608 release: - Fixes in...

8.8CVSS2.4AI score0.00587EPSS
Exploits0
OSV
OSV
added 2021/08/02 5:15 a.m.9 views

AZL-6566 CVE-2021-34556 affecting package kernel for versions less than 5.10.78.1-1

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack...

5.5CVSS6.7AI score0.00419EPSS
Exploits2References1
Rosalinux
Rosalinux
added 2021/07/02 5:8 p.m.33 views

Advisory ROSA-SA-2021-1859

Software: kernel 3.10.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-10751 CVE-Crit: MEDIUM CVE-DESC: A bug was discovered in the implementation of the SELinux LSM trap in Linux kernels prior to version 5.7, where it was incorrectly assumed that skb would only contain a single netlink message. The trap...

6.1CVSS6.8AI score0.00348EPSS
Exploits0
Prion
Prion
added 2021/06/11 3:15 p.m.21 views

Design/Logic Flaw

x86: Speculative vulnerabilities with bare non-shim 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to...

2.1CVSS5.6AI score0.00375EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/06/04 2:15 a.m.18 views

CVE-2021-3491

The iouring subsystem in the Linux kernel allowed the MAXRWCOUNT limit to be bypassed in the PROVIDEBUFFERS operation, which led to negative values being usedin memrw when reading /proc//mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was...

8.8CVSS0.00629EPSS
Exploits0References6
Prion
Prion
added 2021/06/04 2:15 a.m.34 views

Out-of-bounds

The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e "bpf: Fix...

7.2CVSS8.1AI score0.27477EPSS
Exploits8References7Affected Software2
Cvelist
Cvelist
added 2021/06/04 1:40 a.m.31 views

CVE-2021-3491 Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass

The iouring subsystem in the Linux kernel allowed the MAXRWCOUNT limit to be bypassed in the PROVIDEBUFFERS operation, which led to negative values being usedin memrw when reading /proc//mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was...

7.8CVSS8.8AI score0.00629EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/06/04 1:40 a.m.40 views

CVE-2021-3490 Linux kernel eBPF bitwise ops ALU32 bounds tracking

The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e "bpf: Fix...

7.8CVSS8.4AI score0.27477EPSS
Exploits8References7
OSV
OSV
added 2021/05/27 7:15 p.m.4 views

CVE-2020-10774

A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rhfeatures file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to...

5.5CVSS6.7AI score0.00262EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2021/05/25 12:0 a.m.112 views

glibc security, bug fix, and enhancement update

2.28-151.0.1.el84 - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag ...

9.8CVSS0.4AI score0.04731EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2021/05/13 5:56 a.m.210 views

CVE-2020-24588

A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type. Mitigation...

4.3CVSS1.1AI score0.03537EPSS
Exploits2References4
OSV
OSV
added 2021/05/11 5:0 p.m.4 views

UBUNTU-CVE-2021-3490

The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e "bpf: Fix...

7.8CVSS6.9AI score0.27477EPSS
Exploits8References7
OSV
OSV
added 2021/05/11 5:0 p.m.3 views

UBUNTU-CVE-2021-3489

The eBPF RINGBUF bpfringbufreserve function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee "bp...

7.8CVSS7.1AI score0.0055EPSS
Exploits0References7
Mageia
Mageia
added 2021/05/02 4:29 p.m.52 views

Updated nvidia-current packages fix security vulnerabilities

Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko where improper access control may lead to denial of service, information disclosure, or data corruption CVE-2021-1076. NVIDIA GPU Display...

7.8CVSS1.9AI score0.00347EPSS
Exploits0References3
Mageia
Mageia
added 2021/05/02 4:29 p.m.51 views

Updated nvidia390 packages fix security vulnerabilities

Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko where improper access control may lead to denial of service, information disclosure, or data corruption CVE-2021-1076. It also fixes a bug where...

7.8CVSS2.2AI score0.00347EPSS
Exploits0References3
OSV
OSV
added 2021/05/02 4:29 p.m.7 views

MGASA-2021-0202 Updated nvidia390 packages fix security vulnerabilities

Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko where improper access control may lead to denial of service, information disclosure, or data corruption CVE-2021-1076. It also fixes a bug where...

7.8CVSS7.7AI score0.00347EPSS
Exploits0References4
OSV
OSV
added 2021/05/02 4:29 p.m.8 views

MGASA-2021-0203 Updated nvidia-current packages fix security vulnerabilities

Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko where improper access control may lead to denial of service, information disclosure, or data corruption CVE-2021-1076. NVIDIA GPU Display...

7.8CVSS7AI score0.00347EPSS
Exploits0References4
Rows per page
Query Builder