CVE-2019-15794

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma-vmfile in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vmfile points. On...

CVE-2019-17347

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux and possibly other guest kernels...

[SECURITY] [DSA 4539-2] openssh regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4539-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 07, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4539-2] openssh regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4539-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 07, 2019 https://www.debian.org/security/faq -...

[SECURITY] Fedora 30 Update: blis-0.6.0-4.fc30

BLIS is a portable software framework for instantiating high-performance BLAS-like dense linear algebra libraries. The framework was designed to isolate essential kernels of computation that, when optimized, immediately enable optimized implementations of most of its commonly used and...

UBUNTU-CVE-2019-15902

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptracegetdebugreg" commit reintroduced the...

CVE-2019-15239

In the Linux kernel, a certain net/ipv4/tcpoutput.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting...

DEBIAN-CVE-2019-15239

In the Linux kernel, a certain net/ipv4/tcpoutput.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting...

CVE-2019-15239

In the Linux kernel, a certain net/ipv4/tcpoutput.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting...

Design/Logic Flaw

In the Linux kernel, a certain net/ipv4/tcpoutput.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting...

UBUNTU-CVE-2019-15239

In the Linux kernel, a certain net/ipv4/tcpoutput.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting...

FreeBSD-SA-19:23.midi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:23.midi Security Advisory The FreeBSD Project Topic: kernel memory disclosure from /dev/midistat Category: core Module: sound Announced: 2019-08-20 Credits:...

Kernel update: Virtuozzo ReadyKernel patch 83.0 for all supported Virtuozzo 7.0 and Virtuozzo Infrastructure Platform kernels

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to all supported kernels of Virtuozzo 7.0 and Virtuozzo Infrastructure Platform. Vulnerability id: PSBM-94882 3.10.0-862.9.1.vz7.63.3 to 3.10.0-957.12.2.vz7.86.2 It was found that the in-kernel...

The vulnerability of the DirectComposition component in Windows operating system kernels allows a perpetrator to execute arbitrary code and gain control over the vulnerable system.

The vulnerability of the DirectComposition component in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain control over the vulnerable system...

The vulnerability of the kvm_ioctl_create_device function in Linux operating system kernels allows a hacker to trigger a service failure.

The vulnerability of the kvmioctlcreatedevice function in Linux operating systems arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service failures...

AZL-6521 CVE-2019-3887 affecting package kernel for versions less than 5.10.78.1-1

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

Ubuntu: Security Advisory (USN-3931-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2019-3874

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable...

UBUNTU-CVE-2019-3874

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable...

CVE-2019-9111

The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in sdeevtlogfilterwrite in drivers/gpu/drm/msm/sdedbg.c. This is exploitable for a device crash via a syscall by...