openSUSE: Security Advisory for xorg (SUSE-SU-2023:4925-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS : Linux kernel (GKE) vulnerabilities (USN-6653-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6653-4 advisory. It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free...

openSUSE: Security Advisory for xwayland (SUSE-SU-2023:4933-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-6653-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6653-3 advisory. It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free...

CentOS 9 : libwebp-1.2.0-8.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libwebp-1.2.0-8.el9 build changelog. - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6653-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6653-2 advisory. It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6648-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6648-2 advisory. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6648-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6648-1 advisory. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free...

RHEL 8 : kpatch-patch (RHSA-2024:0876)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0876 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

RHEL 8 : kpatch-patch (RHSA-2024:0851)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0851 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1149)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : libwebp (EulerOS-SA-2024-1149)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds...

kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges

A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system...

RHEL 9 : kernel (RHSA-2024:0723)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0723 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ktls overwrites readonly memor...

PT-2024-8424 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a race condition error in the HDMA controller register. The Linked list element and pointer are not stored in the same memory as the HDMA controller register. I...

Low: jasper

Issue Overview: An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Affected Packages: jasper Issue Correction: Run dnf update jasper --releasever 2023.3.20240205 or dnf update --advisory ALAS2023-2024-511...

Amazon Linux 2023 : jasper, jasper-devel, jasper-libs (ALAS2023-2024-511)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-511 advisory. An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Tenable has extracted the preceding description block directl...

Low: jasper

Issue Overview: An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. CVE-2023-51257 Affected Packages: jasper Issue Correction: Run dnf update jasper --releasever 2023.3.20240205 to update your system. New Packages: aarch64:...