Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6routempathnotify CVE-2024-26852 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem...

Mageia: Security Advisory (MGASA-2024-0354)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated quictls packages fix security vulnerability

Invalid low-level GF2^m parameters can lead to an OOB memory access. CVE-2024-9143...

FreeBSD : OpenSSL -- OOB memory access vulnerability (c6f4177c-8e29-11ef-98e7-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c6f4177c-8e29-11ef-98e7-84a93843eb75 advisory. The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143...

OpenSSL OOB Memory Access Vulnerability (20241016) - Linux

OpenSSL is prone to an out of bound OOB memory access vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

OpenSSL OOB Memory Access Vulnerability (20241016) - Windows

OpenSSL is prone to an out of bound OOB memory access vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2024-9143 Low-level invalid GF(2^m) parameters lead to OOB memory access

Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

OpenSSL -- OOB memory access vulnerability

The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143 Low Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...

CVE-2024-42292 kobject_uevent: Fix OOB access within zap_modalias_env()

In the Linux kernel, the following vulnerability has been resolved: kobjectuevent: Fix OOB access within zapmodaliasenv zapmodaliasenv wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed b...

EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2023-3418)

According to the versions of the kernel package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2811)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbnet.c has a .disconnect versus dvbdeviceopen race condition...

CVE-2023-45897

exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in readfiledentryset...

Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6349-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6349-1 advisory. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically...

SUSE-SU-2023:2859-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in picknextrtentity, that could cause memory corruption bsc1208600. - CVE-2023-1249: Fixed a use-after-free flaw in the cor...

CVE-2023-35001

An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...

OESA-2023-1381 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A memory corruption flaw was found in the Linux kernel’s human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2023-034 (ALASKERNEL-5.10-2023-034)

The version of kernel installed on the remote host is prior to 5.10.184-174.730. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2023-034 advisory. A flaw was found in the Linux kernel Traffic Control TC subsystem. Using a specific networking...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2023-021 (ALASKERNEL-5.15-2023-021)

The version of kernel installed on the remote host is prior to 5.15.117-72.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2023-021 advisory. In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT...

CVE-2023-3268

An out of bounds OOB memory access flaw was found in the Linux kernel in relayfilereadstartpos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information...

CVE-2023-3268

An out-of-bounds OOB memory access flaw was found in the Linux kernel in relayfilereadstartpos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information. Mitigation Mitigation for this issue is either not available or the currently...