MiracleLinux 8 : kernel-4.18.0-477.10.1.el8_8 (AXSA:2023-5865:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5865:16 advisory. use-after-free caused by l2capreassemblesdu in net/bluetooth/l2capcore.c CVE-2022-3564 net/ulp: use-after-free in listening ULP sockets CVE-2023-046...

EUVD-2018-7468

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-15594

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attack...

RHEL 8 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kernel: race condition in sndpcmhwfree leading to use-after-free CVE-2022-1048 - Kernel: use-after-free i...

Oracle Linux 7 : kernel (ELSA-2019-2029)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2029 advisory. - scsi scsi: megaraidsas: return error when create DMA pool failed Tomas Henzl 1712861 CVE-2019-11810 - net tcp: enforce tcpminsndmss in tcpmtuprobing...

Debian dla-3404 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3404 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3404-1 [email protected]...

ALSA-2023:2736 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: use-after-free caused by l2capreassemblesdu in net/bluetooth/l2capcore.c CVE-2022-3564 net/ulp: use-after-free in listening ULP sockets...

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 net/ulp: use-after-free in listening ULP...

ALSA-2023:2458 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 net/ulp: use-after-free in listening ULP sockets CVE-2023-0461 cpu: AMD CPUs may transiently execu...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12256)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12256 advisory. - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions Tom Lendacky Orabug: 35166671 CVE-2022-27672 - KVM: x86: Mitigate t...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12255)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12255 advisory. - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions Tom Lendacky Orabug: 35166671 CVE-2022-27672 - KVM: x86: Mitigate t...

CVE-2022-2196

A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-013)

The version of kernel installed on the remote host is prior to 5.4.50-25.83. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-013 advisory. A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows a...

CVE-2020-10768

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threa...

CVE-2020-10768

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threa...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5804)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5804 advisory. - fs/binfmtelf.c: allocate initialized memory in fillthreadcoreinfo Alexander Potapenko Orabug: 31350638 CVE-2020-10732 - net-sysfs: call devhold if...

Amazon Linux AMI : kernel (ALAS-2020-1401)

The version of kernel installed on the remote host is prior to 4.14.186-110.268. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1401 advisory. An issue where a provided address with accessok is not checked was discovered in i915gemexecbuffer2ioctl in...

CVE-2018-15594

It was found that paravirtpatchcall/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1433)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make...