
202 matches found

CloudLinux
added 2021/09/21 10:6 p.m. · 63 views

Fix of CVE: CVE-2021-33909

ELS-130: netfilter: xtables: add missing tables zeroing - CLKRN-800: CVE-2021-33909: seq_file: disallow extremely large seq buffer allocation...

CVSS 7.8 · AI score 2.8 · EPSS 0.01783
Exploits 6 · References 1
vulnersOsv
added 2021/08/25 8:44 p.m. · 0 views

buf-ref-reader (=0.3.0), buf_redux (>=0.7.0 <=0.8.1) +9 more potentially affected by CVE-2019-15543 via slice-deque (=0.1.16)

slice-deque CARGO version =0.1.16 is affected by a known vulnerability. The following packages have a transitive dependency on slice-deque and may be impacted: - buf-ref-reader =0.3.0 - buf_redux =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.12.0, =0.1.0, =0.2.0 - seqio =0.3.0 - stocker =0.2.0 Source cves:...

CVSS 9.8 · AI score 7.2 · EPSS 0.00433
Exploits 0
OSV
added 2021/08/03 1:51 a.m. · 13 views

UVI-2021-1001261 seq_file: disallow extremely large seq buffer allocations

seq_file: disallow extremely large seq buffer allocations. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.52 by commit...

AI score 7.4
Exploits 0
Oracle linux
added 2021/07/22 12:0 a.m. · 77 views

Unbreakable Enterprise kernel-container security update

5.4.17-2102.203.6.el7 - seq_file: disallow extremely large seq buffer allocations (Eric Sandeen) Orabug: 33135632 CVE-2021-33909...

CVSS 7.8 · AI score 2.3 · EPSS 0.01783
Exploits 6
RedHat Linux
added 2021/07/21 1:8 a.m. · 3 views

kernel: size_t-to-int conversion vulnerability in the filesystem layer

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results...

CVSS 7.8 · AI score 7.1 · EPSS 0.01783
Exploits 6 · References 8
RedHat Linux
added 2021/07/21 12:47 a.m. · 3 views

kernel: size_t-to-int conversion vulnerability in the filesystem layer

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results...

CVSS 7.8 · AI score 7.1 · EPSS 0.01783
Exploits 6 · References 8
RedHat Linux
added 2021/07/21 12:20 a.m. · 3 views

kernel: size_t-to-int conversion vulnerability in the filesystem layer

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results...

CVSS 7.8 · AI score 7.1 · EPSS 0.01783
Exploits 6 · References 8
OpenVAS
added 2021/07/21 12:0 a.m. · 30 views

openSUSE: Security Advisory for the (openSUSE-SU-2021:2415-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3 · AI score 7.8 · EPSS 0.85239
Exploits 27 · References 4
RedHat Linux
added 2021/07/20 10:23 p.m. · 4 views

kernel: size_t-to-int conversion vulnerability in the filesystem layer

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results...

CVSS 7.8 · AI score 7.1 · EPSS 0.01783
Exploits 6 · References 8
OSV
added 2021/07/20 7:15 p.m. · 3 views

AZL-6565 CVE-2021-33909 affecting package kernel for versions less than 5.10.78.1-1

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05...

CVSS 7.8 · AI score 7.1 · EPSS 0.01783
Exploits 6 · References 1
Debian CVE
added 2021/07/20 6:1 p.m. · 57 views

CVE-2021-33909

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05...

CVSS 7.8 · AI score 7.2 · EPSS 0.01783
Exploits 6
OSV
added 2021/06/30 12:34 a.m. · 4 views

UVI-2021-1001018 ALSA: seq: Fix race of snd_seq_timer_open()

ALSA: seq: Fix race of snd_seq_timer_open(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.11 by commit...

AI score 7.2
Exploits 0
OSV
added 2021/06/30 12:34 a.m. · 11 views

GSD-2021-1001018 ALSA: seq: Fix race of snd_seq_timer_open()

ALSA: seq: Fix race of snd_seq_timer_open(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.11 by commit...

AI score 7.2
Exploits 0
OSV
added 2021/06/30 12:26 a.m. · 15 views

UVI-2021-1000945 ALSA: seq: Fix race of snd_seq_timer_open()

ALSA: seq: Fix race of snd_seq_timer_open(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...

AI score 7.2
Exploits 0
Positive Technologies
added 2021/06/10 12:0 a.m. · 3 views

PT-2024-11285 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a race condition in the snd_seq_timer_open function, where the timer instance per queue is exclusive, but concurrent accesses are not properly managed. This can...

CVSS 9.8 · AI score 6.7 · EPSS 0.05243
Exploits 8 · References 1210
Snyk
added 2021/02/09 9:14 a.m. · 0 views

SQL Injection

Overview honeysql:honeysql is a SQL as Clojure data structures. Build queries programmatically -- even at runtime -- without having to bash strings together. Affected versions of this package are vulnerable to SQL Injection via seq-sql function in format.cljc file. Remediation Upgrade...

CVSS 8.6 · AI score 7.8
Exploits 0 · References 2
Veracode
added 2019/01/15 9:27 a.m. · 38 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service. Local users are able to exploit a race condition in the ALSA subsystem to crash the application via malicious /dev/snd/seq ioctl calls. The crash is a result of a use-after-free (UAF) bug in snd_seq_ioctl_create_port...

CVSS 7 · AI score 6.7 · EPSS 0.00106
Exploits 0 · References 23 · Affected Software 2
RedHat Linux
added 2018/12/13 4:2 p.m. · 2 views

kernel: Use-after-free in snd_seq_ioctl_create_port()

A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation...

CVSS 7 · AI score 7.1 · EPSS 0.00106
Exploits 0 · References 4
RedHat Linux
added 2018/08/14 8:23 p.m. · 2 views

kernel: race condition in snd_seq_write() may lead to UAF or OOB-access

ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...

CVSS 7.8 · AI score 7.1 · EPSS 0.00088
Exploits 0 · References 4
RedHat Linux
added 2018/08/14 6:31 p.m. · 2 views

kernel: Use-after-free in snd_seq_ioctl_create_port()

A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation...

CVSS 7 · AI score 7.1 · EPSS 0.00106
Exploits 0 · References 4