Ubuntu 22.10 : Linux kernel (Raspberry Pi) vulnerabilities (USN-5832-1)

The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5832-1 advisory. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a...

USN-5832-1: Linux kernel (Raspberry Pi) vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

CVE-2022-3534

A use-after-free flaw was found in btfdumpnamedups in tools/lib/bpf/btfdump.c in libbpf in the Linux Kernel. This issue occurs because the key stored in the hash table namemap is a string address, and the string memory is allocated by realloc function. When the memory is resized by realloc later,...

USN-5831-1 linux-azure-fde vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-025)

The version of kernel installed on the remote host is prior to 5.10.162-141.675. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2023-025 advisory. A vulnerability classified as problematic has been found in Linux Kernel. This affects the function...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5814-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5814-1 advisory. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use...

USN-5814-1 linux-azure, linux-gkeop, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

USN-5814-1: Linux kernel vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

USN-5809-1 linux-oem-5.14 vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5809-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5809-1 advisory. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause...

USN-5803-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi, vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5803-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5803-1 advisory. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use...

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12017)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12017 advisory. - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34882775 CVE-2022-4378 - proc: avoid integer type confusi...

USN-5799-1: Linux kernel (OEM) vulnerability

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

USN-5799-1 linux-oem-5.17, linux-oem-6.0 vulnerability

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-12006)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-12006 advisory. - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34882780 CVE-2022-4378 - proc: avoid integer type confusion in...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12008)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12008 advisory. - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34882779 CVE-2022-4378 - proc: avoid integer type confusi...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12009)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12009 advisory. - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34882779 CVE-2022-4378 - proc: avoid integer type confusi...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2023-12007)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12007 advisory. - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34882780 CVE-2022-4378 - proc: avoid integer type confusion in...