
480 matches found

SUSE CVE
added 2024/04/12 2:11 a.m. · 1 view

SUSE CVE-2024-26752

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the...

CVSS 7.5 · AI score 6.8 · EPSS 0.00252
Exploits: 0 · References: 7

CNNVD
added 2024/04/12 12:0 a.m. · 2 views

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a network operating system from Juniper Networks (USA), dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS versions 21.4 through 21.4R3-S4, 22.1 through 22.1R3-S4, 22.2 through...

CVSS 7.1 · AI score 7.1 · EPSS 0.00296
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-5063 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S9; Junos OS versions from 21.2 prior to 21.2R3-S7; Junos OS versions from 21.3 prior to 21.3R3-S5; Junos OS versions from 21.4 prior to 21.4R3-S4; Junos OS versions from 22.1 prior to 22.1R3-S4; Junos OS versions...

CVSS 7.1 · AI score 7.2 · EPSS 0.00309
Exploits: 0 · References: 10

Positive Technologies
added 2024/04/10 12:0 a.m. · 4 views

PT-2024-4771 · Juniper Networks · Junos Evolved

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 23.2R1-S1-EVO; Juniper Networks Junos OS Evolved version 23.2R2-EVO. Description: A NULL Pointer Dereference issue in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allo...

CVSS 7.1 · AI score 7.2 · EPSS 0.00276
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-3167 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Junos OS versions 21.4 through 21.4R3-S4; Junos OS versions 22.1 through 22.1R3-S4; Junos OS versions 22.2 through 22.2R3-S2; Junos OS versions 22.3 through 22.3R2-S2, 22.3R3-S1; Junos OS versions 22.4 through 22.4R3; Junos OS versions 23.2 throug...

CVSS 7.1 · AI score 7.2 · EPSS 0.00296
Exploits: 0 · References: 4

OSV
added 2024/04/03 5:15 p.m. · 1 view

DEBIAN-CVE-2024-26752

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the...

CVSS 5.5 · AI score 5.4 · EPSS 0.00252
Exploits: 0 · References: 1

OSV
added 2024/03/20 2:39 p.m. · 3 views

CLSA-2024-1710945589 Fix of 9 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-52449 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier Bionic update: upstream stable patchset 2018-08-29 LP: 1789666 // CVE-url: https://ubuntu.com/security/CVE-2022-20567 - l2tp: fix refcount leakage on PPPoL2TP sockets Bionic upda...

CVSS 7.8 · AI score 6.8 · EPSS 0.00984
Exploits: 0 · References: 1

OSV
added 2024/03/18 11:57 p.m. · 3 views

USN-6700-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or...

CVSS 7.8 · AI score 6.8 · EPSS 0.23582
Exploits: 15 · References: 8

BDU FSTEC
added 2024/03/18 12:0 a.m. · 1 view

The vulnerability of Cisco IOS XR’s Ethernet Layer 2 services allows a hacker to trigger a service failure.

The vulnerability of Cisco IOS XR’s Ethernet Layer 2 services is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted Ethernet frames...

CVSS 7.4 · AI score 7.2 · EPSS 0.00328
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2024/03/13 12:0 a.m. · 2 views

Cisco IOS XR Security Vulnerability

Cisco IOS XR is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR, which arises from a security flaw in Layer 2 Ethernet services that allows an unauthenticated, neighboring attacker to cause the line card's network processor to reset,...

CVSS 7.4 · AI score 6.8 · EPSS 0.00328
Exploits: 0 · References: 2

Positive Technologies
added 2024/03/13 12:0 a.m. · 4 views

PT-2024-2146 · Cisco · Cisco IOS XR

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset,...

CVSS 7.4 · AI score 7.6 · EPSS 0.00328
Exploits: 0 · References: 7

SUSE CVE
added 2024/03/06 4:34 a.m. · 3 views

SUSE CVE-2023-52527

In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) when appending to an IPv4 or IPv6...

CVSS 5.5 · AI score 6.7 · EPSS 0.00226
Exploits: 0 · References: 6

OSV
added 2024/03/02 10:15 p.m. · 2 views

DEBIAN-CVE-2023-52527

In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) when appending to an IPv4 or IPv6...

CVSS 5.5 · AI score 5.2 · EPSS 0.00226
Exploits: 0 · References: 1

OSV
added 2024/03/02 10:15 p.m. · 1 view

UBUNTU-CVE-2023-52527

In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) when appending to an IPv4 or IPv6...

CVSS 5.5 · AI score 5.9 · EPSS 0.00226
Exploits: 0 · References: 6

CNNVD
added 2024/03/01 12:0 a.m. · 2 views

OpenBSD Security Vulnerabilities

OpenBSD is a cross-platform, BSD-based, UNIX-like operating system from the Canadian OpenBSD project group. A security vulnerability exists in versions prior to OpenBSD 7.3 errata 016, which stems from an l2tp message containing an AVP of incorrect length that causes a crash...

CVSS 7.5 · AI score 6.7 · EPSS 0.00555
Exploits: 0 · References: 3

OSV
added 2024/02/29 1:43 a.m. · 2 views

CVE-2024-20294

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields i...

CVSS 6.6 · AI score 5.8 · EPSS 0.00318
Exploits: 0 · References: 1

Amazon
added 2024/02/05 12:0 a.m. · 6 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 In...

CVSS 7.8 · AI score 5 · EPSS 0.0788
Exploits: 14

RedHat Linux
added 2024/01/25 8:13 a.m. · 2 views

kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service...

CVSS 5.5 · AI score 6.6 · EPSS 0.00172
Exploits: 0 · References: 4

BDU FSTEC
added 2023/12/20 12:0 a.m. · 1 view

The vulnerability of the pppol2tp_create() function in the net/l2tp/l2tp_ppp.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information, or to enhance their privileges.

The vulnerability of the pppol2tp_create() function in the net/l2tp/l2tp_ppp.c module of the Linux kernel is related to concurrent resource access (race condition). Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected...

CVSS 6.4 · AI score 6.5 · EPSS 0.0011
Exploits: 0 · References: 13 · Affected Software: 1

OSV
added 2023/11/03 2:15 p.m. · 0 views

UBUNTU-CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead, potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1)...

CVSS 7 · AI score 6.9 · EPSS 0.00231
Exploits: 0 · References: 6