MiracleLinux 7 : kernel-3.10.0-1160.45.1.el7 (AXSA:2021-2485:23)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2485:23 advisory. kernel: Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks CVE-2021-22543 kernel: powerpc: KVM guest OS users can cause host OS...

USN-5092-2 linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11 vulnerabilities

Valentina Palmiotti discovered that the iouring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. CVE-2021-41073 Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in...

USN-5091-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities

Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. CVE-2021-33624 It was...

Ubuntu: Security Advisory (USN-3507-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3507-2 linux-gcp vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

USN-3507-2: Linux kernel (GCP) vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3507-1) (Dirty COW)

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

Ubuntu 16.04 LTS : Linux kernel (GCP) vulnerabilities (USN-3507-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3507-2 advisory. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this...

Ubuntu: Security Advisory (USN-3507-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3507-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

USN-3084-1 linux vulnerabilities

Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. CVE-2016-6136 It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...