Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A out-of-bounds write vulnerability was discovered in the Linux kernel’s SLIMpro I2C device driver. The userspace variable “data-block0” was not bounded to a value between 0 and 255; instead, it was used as the size for a memcpy operation, potentially leading to data writing beyond the bounds of...

MiracleLinux 9 : kernel-5.14.0-284.18.1.el9_2 (AXSA:2023-6137:18)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6137:18 advisory. kernel: use-after-free vulnerability in the perfgroupdetach function of the Linux Kernel Performance Events CVE-2023-2235 kernel: netfilter:...

EUVD-2023-33709

Malicious code in bioql PyPI...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel Traffic Control TC subsystem. Using a specific networking configuration redirecting egress packets to ingress using TC action "mirred" a local unprivileged user could trigger a CPU soft lockup ABBA deadlock when the transport protocol in use TC...

Linux Distros Unpatched Vulnerability : CVE-2023-2194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace data-block0 variable was not capped to a number...

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel

Summary TSSC/IMC is vulnerable to aritrary code excecution due to kernel. A patch has been provided that updates the kernel library. CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235. Vulnerability Details CVEID:CVE-2022-42896 DESCRIPTION: Linux Kernel coul...

kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data-block0" variable was not limited to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dmabuffer. This issue could allow a local...

Ubuntu 23.04 : Linux kernel vulnerabilities (USN-6175-1)

The remote Ubuntu 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6175-1 advisory. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leadi...

Rocky Linux 8 : kernel-rt (RLSA-2023:4541)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4541 advisory. - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may allo...

Rocky Linux 8 : kernel (RLSA-2023:4517)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4517 advisory. - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may allo...

CLSA-2023-1693904331 Fix of 11 CVEs

Jammy update: v5.15.86 upstream stable release LP: 2005113 // CVE-url: https://ubuntu.com/security/CVE-2022-3606 - libbpf: Fix null-pointer dereference in findprogbysecinsn Jammy update: v5.15.87 upstream stable release LP: 2007441 // CVE-url: https://ubuntu.com/security/CVE-2023-23454 - net:...

USN-6337-1: Linux kernel (Azure) vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

Ubuntu 18.04 ESM : Linux kernel (Azure) vulnerabilities (USN-6337-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6337-1 advisory. It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An...

USN-6332-1: Linux kernel (Azure) vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 William Zhao discovered that the Traffic Control T...

USN-6331-1: Linux kernel (Azure) vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

USN-6314-1: Linux kernel vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6311-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6311-1 advisory. William Zhao discovered that the Traffic Control TC subsystem in the Linux kernel did not properly handle network packet retransmission in...

USN-6301-1: Linux kernel vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

USN-6300-1: Linux kernel vulnerabilities

William Zhao discovered that the Traffic Control TC subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2022-4269 It was discovered that the NTFS file system...

AlmaLinux 8 : kernel (ALSA-2023:4517)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4517 advisory. - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may allow...