kernel: drm/virtio: improper return value check in virtio_gpu_object_shmem_init()

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the drmgemshmemgetsgtable return value expects it to be NULL in the error case, whereas it is actually an error pointer...

device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to...

CVE-2021-46763

Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity...

CVE-2021-46763

The CVE-2021-46763 entry concerns AMD components: the AMD Secure Processor (ASP) and AMD System Management Unit (SMU). The root cause is insufficient input validation in the SMU, which may allow a privileged attacker to write beyond the bounds of a shared memory buffer, potentially compromising i...

device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to...

kernel: drm/virtio: improper return value check in virtio_gpu_object_shmem_init()

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the drmgemshmemgetsgtable return value expects it to be NULL in the error case, whereas it is actually an error pointer...

kernel: mm/mempolicy: fix mpol_new leak in shared_policy_replace

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace If mpolnew is allocated but not used in restart loop, mpolnew will be freed via mpolput before returning to the caller. But refcnt is not initialized yet, so mpolput could not...

PT-2023-12577 · Amd · 2Nd Gen Amd Epyc™ +41

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient input validation in the SMU, which may allow a privileged attacker to write beyond the intended bounds of a shared...

PT-2023-1001 · Arm · Arm Nn Android-Nn-Driver

Name of the Vulnerable Software and Affected Versions: Arm NN Android-NN-Driver versions prior to 23.02 Description: A possible out-of-bounds read and write was discovered due to an improper length check of shared memory. This issue could lead to local escalation of privilege with no additional...

USN-6030-1 linux-snapdragon vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the System V IPC...

USN-6020-1 linux-bluefield vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that the KVM VMX implementation in the Linux kernel did no...

USN-6014-1: Linux kernel vulnerabilities

Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service connection termination or inject forged data. CVE-2020-36516 Ke Sun, Alyssa Milburn,...

Ubuntu 16.04 ESM : Linux kernel (GCP) vulnerabilities (USN-6009-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6009-1 advisory. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use...

USN-6009-1: Linux kernel (GCP) vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5984-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5984-1 advisory. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use...

CVE-2023-28097

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

UBUNTU-CVE-2023-28097

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

CVE-2023-28097 OpenSIPS has vulnerability in the Content-Length Parser

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

CVE-2023-28097 OpenSIPS has vulnerability in the Content-Length Parser

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

Debian: Security Advisory (DLA-210-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...