Netfilter nft_set_elem_init Heap Overflow Privilege Escalation

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAPNETADMIN...

Oracle Linux 9 : kernel (ELSA-2022-6610)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6610 advisory. - lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 - netfilter: nftables: sanitize nftsetdescconcatparse...

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-2321)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When setting font with malicous data by ioctl cmd PIOFONT,kernel will write memory out of bounds. CVE-2021-33656 - In lgprobe and related...

Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5582-1 advisory. Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-034)

The version of kernel installed on the remote host is prior to 5.4.209-116.363. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-034 advisory. An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality...

SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP3) (SUSE-SU-2022:2738-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2738-1 advisory. - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the...

SUSE SLES15 Security Update : kernel (Live Patch 18 for SLE 15 SP3) (SUSE-SU-2022:2759-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2759-1 advisory. - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the...

SUSE SLES15 Security Update : kernel (Live Patch 17 for SLE 15 SP3) (SUSE-SU-2022:2732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2732-1 advisory. - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the...

SUSE SLES15 Security Update : kernel (Live Patch 16 for SLE 15 SP3) (SUSE-SU-2022:2727-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2727-1 advisory. - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerability (USN-5545-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5545-1 advisory. Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this ...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-018)

The version of kernel installed on the remote host is prior to 5.10.130-118.517. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-018 advisory. An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionali...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-005)

The version of kernel installed on the remote host is prior to 5.15.54-25.126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-005 advisory. Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explain...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges CVE-2022-2318. Xen Block and...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges CVE-2022-2318. Xen Block and Networ...

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2376-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2376-1 advisory. - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage...

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an...

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an...

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an...