USN-6647-2 linux-azure vulnerabilities

It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...

CVE-2021-47045

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfcprepelsiocb It is possible to call lpfcissueelsplogi passing a did for which no matching ndlp is found. A call is then made to lpfcprepelsiocb with a null pointer to a lpfcnodelist...

CVE-2021-47045

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfcprepelsiocb It is possible to call lpfcissueelsplogi passing a did for which no matching ndlp is found. A call is then made to lpfcprepelsiocb with a null pointer to a lpfcnodelist...

SUSE CVE-2021-46925

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smcsock A crash occurs when smccdctxhandler tries to access smcsock but smcrelease has already freed it. 4570.695099 BUG: unable to handle page fault for address: 000000002eae9e88...

DEBIAN-CVE-2021-46925

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smcsock A crash occurs when smccdctxhandler tries to access smcsock but smcrelease has already freed it. 4570.695099 BUG: unable to handle page fault for address: 000000002eae9e88...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from the fact that the count of page references in use is not optimal, sometimes leading to kernel panics...

SUSE CVE-2023-52439

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uioopen core-1 core-2 ------------------------------------------------------- uiounregisterdevice uioopen idev = idrfind deviceunregister&idev-dev putdevice&idev-dev uiodevicerelease getdevice&idev-dev...

PT-2024-21875

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises when unloading a modular pstore backend with records in pstorefs, triggering a dput double-drop warning. This warning occurs due to the incorrect use of d drop and dput ...

USN-6646-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...

USN-6645-1 linux vulnerability

It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service memory exhaustion...

CVE-2023-52439 uio: Fix use-after-free in uio_open

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uioopen core-1 core-2 ------------------------------------------------------- uiounregisterdevice uioopen idev = idrfind deviceunregister&idev-dev putdevice&idev-dev uiodevicerelease getdevice&idev-dev...

kernel: drm/i915: Fix request ref counting during error capture & debugfs dump

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix request ref counting during error capture & debugfs dump When GuC support was added to error capture, the reference counting around the request object was broken. Fix it up. The context based search manages the...

The vulnerability in the `net/ipv6/ipv6_sockglue.c` component of the Linux operating system allows a hacker to cause a service failure.

The vulnerability in the net/ipv6/ipv6sockglue.c component of the Linux operating system’s kernel is related to improper memory release before deleting the last reference. Exploiting this vulnerability can allow an attacker to cause a service failure...

kernel: tpm: fix reference counting for struct tpm_chip

In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpmchip The following sequence of operations results in a refcount warning: 1. Open device /dev/tpmrm. 2. Remove module tpmtisspi. 3. Write a TPM command to the file descriptor opened at ste...

kernel: drm/i915: Fix request ref counting during error capture & debugfs dump

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix request ref counting during error capture & debugfs dump When GuC support was added to error capture, the reference counting around the request object was broken. Fix it up. The context based search manages the...

PT-2023-9775

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The vulnerability is related to a use-after-free bug in the Linux kernel's tracing component. It occurs when a kprobe event is deleted while its associated file is still open, causing a...

Linux kernel resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that stems from a reference counting problem in vmwgfx that leads to reuse after release, which can be exploited by an attack...

SUSE-SU-2023:4058-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-39192: Fixed an out of bounds read in the netfilter bsc1215858. - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem bsc1215860. -...

USN-6348-1 linux-intel-iotg-5.15, linux-raspi vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...

USN-6341-1: Linux kernel vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the doprlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0458 It was discovered that a...