Linux kernel 'usb_audio_probe' function memory misreference vulnerability

The Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the U.S. ALSA Driver is one of the audio drivers. A memory misreference vulnerability exists in the 'usbaudioprobe' function of the sound/usb/card.c file of the ALSA Driver in the...

DEBIAN-CVE-2018-19824

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c...

Design/Logic Flaw

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c...

CVE-2018-11823

CVE-2018-11823 affects CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) based on the Linux kernel. The vulnerability is a double-free in the power module triggered by freeing device memory during driver probe failure. Root cause described as improper memory handling in the ...

CVE-2018-11918

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code...

Code injection

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code...

Double free

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power module...

Oracle Linux 7 : gnutls (ELSA-2018-3050)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3050 advisory. - Improved counter-measures in TLS CBC record padding for lucky13 attack CVE-2018-10844, 1589704, CVE-2018-10845, 1589707 - Added counter-measures for...

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...

F5 Networks BIG-IP : TMM vulnerability (K81137982)

Undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel TMM. CVE-2017-6136 Impact An attacker may be able to disrupt traffic or...

Side-Channel Attack

libgnutls.so is vulnerable to plain text recovery via cache-based side channel. An attacker is able to use a combination of Just in Time Prime+probe and Lucky-13 attacks to recover plain text using crafted packets in a cross-VM setting...

RHEL 7 : gnutls (RHSA-2018:3050)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3050 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as...

gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery

A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario...

Moderate: Red Hat Security Advisory: gnutls security, bug fix, and enhancement update

An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

SUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-2)

This update for gnutls fixes the following issues : This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery CVE-2018-10846,...

Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe

The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity...

Security Bulletin: IBM Netcool/OMNIbus Probe DSL Factory Framework is affected by Apache Camel's Core vulnerability

Summary IBM Netcool/OMNIbus Probe DSL Factory Framework probe-dsl-framework-40 has addressed the following vulnerability caused by Apache Camel's Core component. Vulnerability Details CVEID: CVE-2018-8027 DESCRIPTION: Apache Camel's Core could allow a remote attacker to obtain sensitive...

Security update for gnutls (moderate)

This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to...

SUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-1)

This update for gnutls fixes the following issues : This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery CVE-2018-10846,...

CVE-2018-5871

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660,...