EulerOS 2.0 SP5 : libwebp (EulerOS-SA-2024-1149)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds...

kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges

A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system...

RHEL 9 : kernel (RHSA-2024:0723)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0723 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ktls overwrites readonly memor...

PT-2024-8424 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a race condition error in the HDMA controller register. The Linked list element and pointer are not stored in the same memory as the HDMA controller register. I...

Low: jasper

Issue Overview: An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Affected Packages: jasper Issue Correction: Run dnf update jasper --releasever 2023.3.20240205 or dnf update --advisory ALAS2023-2024-511...

Amazon Linux 2023 : jasper, jasper-devel, jasper-libs (ALAS2023-2024-511)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-511 advisory. An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Tenable has extracted the preceding description block directl...

Low: jasper

Issue Overview: An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Affected Packages: jasper Issue Correction: Run dnf update jasper --releasever 2023.3.20240205 to update your system. New Packages: aarch64:...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-488)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-488 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: disable sending iouring over sockets CVE-2023-52654 In the Linux kernel, the following vulnerability has been...

Fedora 39 : mingw-jasper (2024-f53b383648)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f53b383648 advisory. Backport fix for CVE-2023-51257. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

DEBIAN-CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

AZL-34873 CVE-2024-0646 affecting package kernel for versions less than 6.6.35.1-4

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Design/Logic Flaw

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation To...

CVE-2024-0646 Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2024-0646

CVE-2024-0646 describes an out-of-bounds memory write in the Linux kernel’s Transport Layer Security path, occurring when a user calls a splice function with a ktls socket as the destination. The issue could allow a local user to crash the system or potentially escalate privileges. Connected advi...

CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...