96 matches found
AZL-48635 CVE-2024-44931 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...
UBUNTU-CVE-2024-44931
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...
SUSE CVE-2024-42265
In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is not greater than -maxfds; however, misprediction might end up with tofree = fdt-fdfd; being speculatively executed. That's wrong for t...
DEBIAN-CVE-2024-42265
In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is not greater than -maxfds; however, misprediction might end up with tofree = fdt-fdfd; being speculatively executed. That's wrong for t...
UBUNTU-CVE-2024-42265
In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is not greater than -maxfds; however, misprediction might end up with tofree = fdt-fdfd; being speculatively executed. That's wrong for t...
SUSE CVE-2022-48804
In the Linux kernel, the following vulnerability has been resolved: vtioctl: fix arrayindexnospec in vtsetactivate arrayindexnospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console...
DEBIAN-CVE-2022-48804
In the Linux kernel, the following vulnerability has been resolved: vtioctl: fix arrayindexnospec in vtsetactivate arrayindexnospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console...
CVE-2022-48804
In the Linux kernel, the following vulnerability has been resolved: vtioctl: fix arrayindexnospec in vtsetactivate arrayindexnospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console...
PT-2024-32189
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the prevention of Spectre v1 gadget construction in the sys rtas function. The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as...
SUSE CVE-2022-48730
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via...
DEBIAN-CVE-2022-48730
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via...
UBUNTU-CVE-2022-48730
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via...
CVE-2023-52746
In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrmxlate32attr int type = nlatypenla; if type XFRMAMAX return -EOPNOTSUPP; @type is then used as an array index and can be used as a Spectre v1 gadget. if nlalennla...
UBUNTU-CVE-2023-52746
In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrmxlate32attr int type = nlatypenla; if type XFRMAMAX return -EOPNOTSUPP; @type is then used as an array index and can be used as a Spectre v1 gadget. if nlalennla...
UBUNTU-CVE-2023-0459
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
PT-2023-2689 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 Description: The issue is related to the copy from user function in the Linux kernel, which does not implement the uaccess begin nospec feature. This allows a...