Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A use-after-free flaw was discovered in qdiscgraft in the net/sched/schapi.c file of the Linux Kernel, due to a race condition. This flaw causes a denial-of-service issue. If the patch ebda44da44f6 “net: sched: fix race condition in qdiscgraft” is not applied yet, then the kernel may be affected...

OracleVM 3.4 : kernel-uek (OVMSA-2024-0006)

The remote OracleVM system is missing necessary patches to address security updates: 4.1.12-124.87.2- net: sched: fix race condition in qdiscgraft Eric Dumazet Orabug: 35250827 CVE-2023-05904.1.12-124.87.1- ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Zhengchao Shao Orabug:...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2024-0017)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - qfqchangeclass in net/sched/schqfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQMINLMAX...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12150)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12150 advisory. - sched/rt: picknextrtentity: check listentry Pietro Borrello Orabug: 35181559 CVE-2023-1077 - net/sched: schhfsc: Ensure inner classes have fsc curve...

ALSA-2023:7077 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tun: avoid double free in tunfreenetdev CVE-2022-4744 kernel: net/sched: multiple vulnerabilities CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208...

ROS-20230416-10

A vulnerability in the qdiscgraft function net/sched/schapi.c of the traffic control subsystem of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

kernel: NULL pointer dereference in traffic control subsystem

A NULL pointer dereference flaw was found in qdiscgraft in net/sched/schapi.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the allocworkqueue function return is not validated in time of failure, resulting in a system crash or leaked interna...

CVE-2023-0590

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...

CVE-2023-0590

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...

Race condition

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...

CVE-2023-0590

CVE-2023-0590: A use-after-free in qdisc_graft (net/sched/sch_api.c) due to a race condition in the Linux kernel can lead to denial of service. The issue is noted in multiple public bulletins (e.g., Astra Linux and IBM QRadar) referencing the same kernel component, with remediation via patch ebda...

CVE-2023-0590

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1551)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-1444)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in fs/ext4/namei.c:dxinsertblock in the Linux kernel's filesystem sub- component. This flaw allows a local...

CVE-2022-47929

A NULL pointer dereference flaw was found in qdiscgraft in net/sched/schapi.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the allocworkqueue function return is not validated in time of failure, resulting in a system crash or leaked interna...

The vulnerability of the qdisc_graft function (net/sched/sch_api.c) in the Linux kernel’s traffic management subsystem allows a attacker to cause a service failure.

The vulnerability of the qdiscgraft function in the net/sched/schapi.c file of the Linux kernel’s network traffic management subsystem is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2023-0590

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...

CVE-2023-0590

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected. Mitigation Mitigation f...

Null pointer dereference

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service system crash via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdiscgraft in...

CVE-2022-47929

CVE-2022-47929 is a Linux kernel vulnerability: a NULL pointer dereference in the traffic control subsystem (affecting qdisc_graft in net/sched/sch_api.c) that allows an unprivileged user to trigger a denial of service (system crash) via crafted tc qdisc/class configurations. Exploitation is loca...