RHEL 8 : kernel (RHSA-2024:0930)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0930 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: GSM multiplexing race conditio...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2787)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A time-of-check to time-of-use issue exists in iouring subsystem's IORINGOPCLOSE operation in the Linux kernel's versions 5.6 - 5.11 inclusive,...

Ubuntu 18.04 ESM / 20.04 LTS : Linux kernel vulnerabilities (USN-6548-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6548-1 advisory. It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose...

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6466-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6466-1 advisory. Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free...

kernel security update

2.6.32-754.49.1.OL6 - x86/speculation: Use generic retpoline by default on AMD CVE-2021-26401 Orabug: 34986011...

Unbreakable Enterprise kernel security update

5.15.0-106.131.4 - jbd2: check 'jh-btransaction' before removing it from checkpoint Zhihao Cheng - jbd2: fix checkpoint cleanup performance regression Zhang Yi - scsi: qla2xxx: Fix TMF leak through Quinn Tran - scsi: qla2xxx: Fix command flush during TMF Quinn Tran - scsi: qla2xxx: Limit TMF to 8...

CLSA-2023-1695901231 Fix of 7 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-42753 - netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet.c CVE-2022-40982 // CVE-url: https://ubuntu.com/security/CVE-2022-40982 - init: Provide archcpufinalizeinit - x86/cpu: Switch to archcpufinalizeinit - init: Remo...

CLSA-2023-1695901043 Fix of 5 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-42753 - netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet.c CVE-2022-40982 // CVE-url: https://ubuntu.com/security/CVE-2022-40982 - init: Provide archcpufinalizeinit - x86/cpu: Switch to archcpufinalizeinit - init: Remo...

CLSA-2023-1695900880 Fix of 5 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-42753 - netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet.c CVE-2022-40982 // CVE-url: https://ubuntu.com/security/CVE-2022-40982 - init: Provide archcpufinalizeinit - x86/cpu: Switch to archcpufinalizeinit - init: Remo...

CLSA-2023-1695046791 Fix of 7 CVEs

Bionic update: upstream stable patchset 2022-12-01 LP: 1998542 // CVE-2022-26373 - x86/speculation: Add RSB VM Exit protections Bionic update: upstream stable patchset 2022-12-01 LP: 1998542 - Revert "x86/cpu: Add a steppings field to struct x86cpuid" - x86/cpufeature: Add facility to check for m...

CLSA-2023-1695046627 Fix of 7 CVEs

Bionic update: upstream stable patchset 2022-12-01 LP: 1998542 // CVE-2022-26373 - x86/speculation: Add RSB VM Exit protections Bionic update: upstream stable patchset 2022-12-01 LP: 1998542 - Revert "x86/cpu: Add a steppings field to struct x86cpuid" - x86/cpufeature: Add facility to check for m...

CLSA-2023-1695041288 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-4622 - afunix: Fix null-ptr-deref in unixstreamsendpage. Jammy update: v5.15.105 upstream stable release LP: 2023230 // CVE-url: https://ubuntu.com/security/CVE-2022-4269 - net/sched: actmirred: better wording on protection against excessive stack...

Oracle Linux 8 : kernel (ELSA-2020-3010)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3010 advisory. - vfio vfio/pci: Fix SR-IOV VF handling with MMIO blocking Alex Williamson 1837309 1837310 CVE-2020-12888 - x86 kvm: Clean up host's steal time structu...

kernel security, bug fix, and enhancement update

5.14.0-284.25.1.0.12 - Fix KVM: x86/mmu: Fix race condition in directpagefault Orabug: 35673032 CVE-2022-45869 5.14.0-284.25.12 - KVM: x86/mmu: Fix race condition in directpagefault - prlimit: doprlimit needs to have a speculation check CVE-2023-0458 - x86/speculation: Allow enabling STIBP with...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-6185-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6185-1 advisory. It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial ...

SUSE-SU-2023:2782-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-35828: Fixed a use-after-free flaw inside renesasusb3remove in drivers/usb/gadget/udc/renesasusb3.c bsc1212513. - CVE-2023-35823: Fixed a...

USN-6133-1 linux-intel-iotg vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

SUSE CVE-2023-3006

A known cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influenc...

CVE-2023-3006

A known cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influenc...

CVE-2023-3006

A known cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influenc...