21 matches found
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data. The driver needs to keep track of all possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256, and the...
CVE-2023-54012 net: fix stack overflow when LRO is disabled for virtual interfaces
In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its own lower interface. This propagation logic should be worked as the...
CVE-2023-54012
The CVE-2023-54012 vulnerability in the Linux kernel describes a stack overflow risk when LRO is disabled for virtual interfaces. The root cause is a recursive-like propagation of NETDEV_FEAT_CHANGE notifications between a parent team/bond interface and its lower interfaces, instead of a strictly...
EUVD-2018-7189
Malware in sbrugna...
EUVD-2024-53304
Malicious code in bioql PyPI...
CVE-2024-56656 bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X P7 chip's HW GRO/LRO interface is very similar to that of the previous generation 5750X or P5. However, the aggregation ID fields in the completion structur...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.336.5.1 - vhost/scsi: null-ptr-dereference in vhostscsigetreq Haoran Zhang Orabug: 37138988 5.4.17-2136.336.5 - uek-rpm: Add skxedaccommon.ko to nanomodules Sherry Yang Orabug: 37030127 - EDAC, i10nm: make skxcommon.o a separate module Arnd Bergmann Orabug: 37030127 - uek-rpm:...
kernel: bnxt_en: Avoid order-5 memory allocation for TPA data
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
K07550539: TMM with LRO vulnerability CVE-2018-15311
Security Advisory Description When Large Receive Offload LRO is enabled, undisclosed traffic patterns may cause TMM to restart. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0 for all platforms and 12.0.0 for Virtual Edition. CVE-2018-15311 Impact An attacker may be...
Malicious code in media-types-v3-lro-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80f9bb10c24b620f2a73772282a7ee282d7e8fca13e819fd51291aefb2371449 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4537 Malicious code in media-types-v3-lro-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80f9bb10c24b620f2a73772282a7ee282d7e8fca13e819fd51291aefb2371449 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4410 Malicious code in lro-parameterized-endpoints (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a548e0b8236b995248022f06f37ba6ada6b2ebda047546a78962cfcca6c4e604 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lro (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a142825e7cc04821ac7056d56214c9a77a4e0bf5f4f74506207205b21f7b985 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lro-parameterized-endpoints (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a548e0b8236b995248022f06f37ba6ada6b2ebda047546a78962cfcca6c4e604 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4409 Malicious code in lro (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a142825e7cc04821ac7056d56214c9a77a4e0bf5f4f74506207205b21f7b985 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
F5 Networks BIG-IP : TMM with LRO vulnerability (K07550539)
When Large Receive Offload LRO is enabled, undisclosed traffic patterns may cause TMM to restart. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0 for all platforms and 12.0.0 for Virtual Edition. CVE-2018-15311 Impact An attacker may be able to disrupt traffic or caus...
CVE-2018-15311
When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload LRO feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected...
CVE-2018-15311
F5 BIG-IP TMM is vulnerable to CVE-2018-15311 when TCP Large Receive Offload (LRO) is enabled. Affects 13.0.0–13.1.0.5, 12.1.0–12.1.3.5, 11.6.0–11.6.3.2, and 11.5.1–11.5.6; LRO is not enabled by default until 13.1.0 for some platforms. Impact: disruption of traffic or failover to another device i...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2016:0185 Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...