1069 matches found
kernel: cipso: Fix data-races around sysctl.
In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READONCE to avoid data-races...
procps-ng security and bug fix update
3.3.17-13.0.1 - ps: remove uptime integer conversion Orabug: 35909347 - ps: improved three elapsed 'jiffies/tics' calculations Orabug: 35909347 3.3.17-13 - ps: mitigation of possible buffer overflow - Resolves: rhbz2228504 3.3.17-12 - sysctl: '-N' option shows values instead of names if '-p' -...
kernel: mpls: double free on sysctl allocation failure
A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code...
CVE-2023-2163
An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape. Mitigation The default Red Hat Enterprise Linux kernel...
AlmaLinux 8 : kernel-rt (ALSA-2023:1584)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1584 advisory. - A flaw was found in the Linux kernel Traffic Control TC subsystem. Using a specific networking configuration redirecting egress packets to ingress using...
OESA-2023-1445 elfutils security update
Elfutils is a collection of utilities, including stack to show backtraces, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, elflint to check for well-formed ELF files and elfcompress to compress or decompress...
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...
K000134768: Linux kernel vulnerability CVE-2022-4378
Security Advisory Description A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-4378 Impact A locally...
USN-6093-1: Linux kernel (BlueField) vulnerabilities
It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...
kernel: ipv4: Fix a data-race around sysctl_fib_sync_mem.
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctlfibsyncmem. While reading sysctlfibsyncmem, it can be changed concurrently. So, we need to add READONCE to avoid a data-race...
kernel: igmp: Fix data-races around sysctl_igmp_qrv.
In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctligmpqrv. While reading sysctligmpqrv, it can be changed concurrently. Thus, we need to add READONCE to its readers. This test can be packed into a helper, so such changes will be in the follow-up...
kernel: icmp: Fix data-races around sysctl.
A flaw was found in the Linux kernel's ICMP protocol. A race condition can occur when reading the ICMP sysctl variables due to a missing lock, potentially impacting system stability and resulting in a denial of service...
kernel: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctltcpfwmarkaccept. While reading sysctltcpfwmarkaccept, it can be changed concurrently. Thus, we need to add READONCE to its reader...
kernel: tcp: Fix a data-race around sysctl_tcp_probe_interval.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpprobeinterval. While reading sysctltcpprobeinterval, it can be changed concurrently. Thus, we need to add READONCE to its reader...
kernel: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.
A flaw was found in the Linux kernel's ICMP protocol. A race condition can occur when reading the sysctlicmperrorsuseinboundifaddr resource due to a missing lock, potentially impacting system stability and resulting in a denial of service...
kernel: tcp: Fix data-races around sysctl_tcp_fastopen.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpfastopen. While reading sysctltcpfastopen, it can be changed concurrently. Thus, we need to add READONCE to its readers...
kernel: tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpmtuprobefloor. While reading sysctltcpmtuprobefloor, it can be changed concurrently. Thus, we need to add READONCE to its reader...
kernel: ip: Fix a data-race around sysctl_ip_autobind_reuse.
In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctlipautobindreuse. While reading sysctlipautobindreuse, it can be changed concurrently. Thus, we need to add READONCE to its reader...
kernel: tcp: Fix a data-race around sysctl_tcp_probe_threshold.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpprobethreshold. While reading sysctltcpprobethreshold, it can be changed concurrently. Thus, we need to add READONCE to its reader...