13 matches found
SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2131-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2131-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.34 fixes various security issues. The following security issues were fixed: -...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/47x: Fixed the crash that occurs during the 47x syscall return. Eddie reported that newer kernels crashed during boot on his 476FSP2 system: - The kernel attempted to execute the user page b7ee2000 – a potential exploi...
CVE-2024-40927
In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset...
CVE-2022-48841
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possible to do NULL pointer dereference in routine that updates Tx ring stats. Currently only stats and bytes are updated when ring pointer is valid, but later on...
CVE-2022-48841 ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possible to do NULL pointer dereference in routine that updates Tx ring stats. Currently only stats and bytes are updated when ring pointer is valid, but later on...
CVE-2024-27063
In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 "leds: trigger: netdev: add additional specific link speed mode" in the various changes, reworked the way to set the LINKUP mode in commi...
CVE-2021-46926 ALSA: hda: intel-sdw-acpi: harden detection of controller
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it's actually a SoundWire controller. This can lead to issues where the graph walk...
GO-2022-0316 Incorrect calculation in github.com/open-policy-agent/opa
Pretty-printing an AST that contains synthetic nodes can change the logic of some statements by reordering array literals...
Cisco IOS Software 802.1x Multiple-Authentication Port Authentication Bypass (cisco-sa-20180328-dot1x)
According to its self-reported version, Cisco IOS is affected by an authentication bypass vulnerability in the 802.1x multiple-authentication (multi-auth) feature due to a logic change error introduced into the code. An unauthenticated, adjacent attacker could exploit this, by trying to access an...
CVE-2018-0163
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...
Authentication flaw
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...
CVE-2018-0163
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...
HackerOne: Report invitation links not restricted to any existing user
We recently made a change to how report invitations work in order to make the Disclosure Assistance process better. Parts of this change regressed the fix we made in 123420 regarding how report invitations such as to become an external participant are handled. @japzdivino notified of this regression a...