EUVD-2021-26996

Malware in sbrugna...

EUVD-2022-50665

Malicious code in bioql PyPI...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Ubuntu 23.04 : Linux kernel vulnerabilities (USN-6175-1)

The remote Ubuntu 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6175-1 advisory. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leadi...

USN-6337-1: Linux kernel (Azure) vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:2809-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2809-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were...

USN-6175-1: Linux kernel vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrar...

EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2023-2020)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can le...

kernel: NULL pointer dereference in traffic control subsystem

A NULL pointer dereference flaw was found in qdiscgraft in net/sched/schapi.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the allocworkqueue function return is not validated in time of failure, resulting in a system crash or leaked interna...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-1806)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-1824)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack...

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6057-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6057-1 advisory. It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker...

Oracle Linux 8 : kernel (ELSA-2023-1566)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1566 advisory. - ovl: fail on invalid uid/gid mapping at copy up Miklos Szeredi 2165341 2165342 CVE-2023-0386 - ALSA: pcm: Move rwsem lock inside sndctlelemread to...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5984-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5984-1 advisory. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use...

CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2022-47929)

The version of hyperv-daemons / kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-47929 advisory. - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12196)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12196 advisory. - l2tp: Serialize access to skuserdata with skcallbacklock Jakub Sitnicki Orabug: 34951574 CVE-2022-4129 - wifi: rndiswlan: Prevent buffer overflo...

SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0485-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0485-1 advisory. - An out-of-boundsOOB memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfxkms.c in GPU component in the Linux...

The vulnerability of the Traffic Control Subsystem component of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the Traffic Control Subsystem in the Linux operating system is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...