18 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability related to out-of-bounds memory access was discovered in the Linux kernel’s TUN/TAP device driver functionality. This vulnerability occurs when a user generates a malicious excessively large network packet while napi frags is enabled. This flaw allows a local user to cause a syste...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: Error handling in the inittask during loading was fixed. If the inittask fails during driver loading, we end up with no vports and netdevs, effectively failing the entire process. In that state, a subsequent reset will resu...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-8412-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8412-1 advisory. Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly...
kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw
In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40eclearhw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer underflow by changing the...
USN-7516-4 linux-oracle-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver;...
CVE-2024-53044 net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext()
In the Linux kernel, the following vulnerability has been resolved: net/sched: schapi: fix xainsert error path in tcfblockgetext This command: $ tc qdisc replace dev eth0 ingressblock 1 egressblock 1 clsact Error: block dev insert failed: -EBUSY. fails because user space requests the same block...
USN-6223-1: Linux kernel (Azure CVM) vulnerabilities
It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service system crash. CVE-2023-1076 It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type...
USN-6186-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrar...
USN-6175-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrar...
USN-6033-1: Linux kernel (OEM) vulnerabilities
It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...
Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4225-2)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4225-2 advisory. USN-4225-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10. This update provides the corresponding updates for the Linux Hardware Enablement H...
USN-4226-1: Linux kernel vulnerabilities
Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. CVE-2019-10220 It was discovered that a heap-based buffer overflow existed in the...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4226-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4226-1 advisory. Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling ...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4227-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4227-1 advisory. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attack...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Cisco ASA 8.4.4.6 8.2.5.32 - Ethernet Information Leak
Cisco ASA 8.4.4.6 8.2.5.32 - Ethernet Information Leak !/usr/bin/env python CVE-2003-0001 'Etherleak' exploit ================================= Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel...
Cisco ASA Ethernet Information Leak
!/usr/bin/env python CVE-2003-0001 'Etherleak' exploit ================================= Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or...
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
source: https://www.securityfocus.com/bid/6535/info Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null or...