18 matches found
CVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handling
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARNONONCE so that it can't be remotely trigger...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Do not free decrypted memory. In CoCo VMs, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail, resulting in an error and the shared memory being retained. Callers must ta...
Moxa Industrial Linux 安全漏洞
Moxa Industrial Linux is an industrial-grade Linux system developed by Moxa Corporation in Taiwan, China. Moxa Industrial Linux has a security vulnerability, which stems from the physical attack vulnerability present in LUKS full-disk encryption supported by TPM. This vulnerability could lead to...
Azure Linux 3.0 Security Update: kernel (CVE-2024-36910)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36910 advisory. - In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Don't free decrypted memor...
CVE-2024-39846
NewPass before 1.2.0 stores passwords rather than password hashes directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use...
EUVD-2017-1386
Malware in sbrugna...
PT-2024-28698 · Newpass · Newpass
Name of the Vulnerable Software and Affected Versions: NewPass versions prior to 1.2.0 Description: The issue allows unauthorized access to sensitive information because passwords are stored directly rather than as password hashes. Although data at rest is encrypted, it is decrypted within proces...
SUSE CVE-2024-36910
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need...
SUSE CVE-2024-36912
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbusgpadl In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is share...
SUSE CVE-2024-36913
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if setmemoryencrypted fails In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is...
AZL-43248 CVE-2024-36910 affecting package kernel for versions less than 6.6.64.2-9
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need...
DEBIAN-CVE-2024-36913
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if setmemoryencrypted fails In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is...
DEBIAN-CVE-2024-36909
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resultin...
CVE-2024-36912
CVE-2024-36912 (Linux kernel) affects the hv: vmbus component. The fix adds a decryption-status field to struct vmbus_gpadl to track the decrypted state of buffers, enabling callers of vmbus_establish_gpadl() and vmbus_teardown_gpadl() to decide whether to free or leak pages instead of returning ...
CVE-2024-36912 Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbusgpadl In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is share...
PT-2024-26790
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the dma-direct feature in the Linux kernel, where an untrusted host on TDX can cause set memory encrypted or set memory decrypted to fail, resulting in shared...
PT-2024-27202
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37 Description In CoCo VMs, it is possible for the untrusted host to cause set memory encrypted or set memory decrypted to fail, resulting in shared memory. Callers need to handle these errors to avoid...
August 30, 2018—KB4343889 (OS Build 15063.1292)
None None...