CVE-2022-39131

The CVE-2022-39131 entry concerns a memory corruption issue in a camera driver caused by improper locking, leading to local denial of service in the kernel. The affected component is described as the camera driver (no specific vendor/model in the provided documents). The root cause is improper sy...

CVE-2022-42775

CVE-2022-42775 involves the UNISOC camera driver, where improper locking can cause memory corruption and a local kernel denial of service. Concrete details across connected sources reiterate the vulnerability class but do not specify affected products/versions or a confirmed remediation. In summa...

PT-2024-11847 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a crash when replugging CSR fake controllers in the Linux kernel's Bluetooth component. It seems that fake CSR 5.0 clones can cause the suspend notifier to be...

ASB-A-252950986

In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel...

PUB-A-165329981

In l2capchanput of l2capcore, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

libvirt security, bug fix, and enhancement update

8.5.0-7.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 8.5.0-7 - securityselinux: Dont ignore NVMe disks when setting image label rhbz2121441 8.5.0-6 - qemuprocess: Destroy domains namespace after killing QEMU rhbz2121141 8.5.0-5 - rpc: Pass OPENSSLCONF through to ssh invocations...

Exploit for Use After Free in Linux Linux_Kernel

CVE-2022-2602 This repository contain...

MariaDB 10.0.0 < 10.0.1 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.1 advisory. - Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users t...

MariaDB 10.1.0 < 10.1.33 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.1.33. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.33 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.3...

MariaDB 10.2.0 < 10.2.15 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.2.15. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.2.15 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.3...

SUSE: Security Advisory (SUSE-SU-2022:4007-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver-nwfilters object. This fl...

kernel: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriovnumvfs to zero It is possible to disable VFs while the PF driver is processing requests from the VF driver. This can result in a panic. BUG: unable to handle kernel paging...

GSD-2022-1006787 ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller

ftrace: Fix recursive locking directmutex in ftracemodifydirectcaller This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

Design/Logic Flaw

Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...

PYSEC-2022-43055

Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...

PT-2022-37332 · Unknown · Hyperledger Fabric

Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric version 2.3 Description: The issue allows attackers to cause a denial of service by repeatedly sending a crafted channel transaction with the same Channel name, leading to an orderer crash. However, the official Fabric with...

RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2022:7472)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7472 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...

CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2022:7472)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7472 advisory. - QEMU: fdc: heap buffer overflow in DMA read data transfers CVE-2021-3507 - libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to deni...

libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver-nwfilters object. This fl...