Unbreakable Enterprise kernel-container security update

5.4.17-2136.325.5.el8 - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext Krister Johansen Orabug: 35905508 - char: misc: Increase the maximum number of dynamic misc devices to 1048448 D Scott Phillips Orabug: 35905508 - perf/arm-cmn: Fix invalid pointer when access...

USN-6462-2: Linux kernel (IoT) vulnerabilities

Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information kernel memory or in conjunction with another kernel vulnerability. CVE-2023-0597 Yu Hao and Weite...

kernel: nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532cmdtimeout When the pn532 uart device is detaching, the pn532uartremove is called. But there are no functions in pn532uartremove that could delete the cmdtimeout timer, which wil...

USN-6464-1 linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive vulnerabilities

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2023-31083 Lin Ma discovered that the Netlink...

CLSA-2023-1698306895 Fix of 7 CVEs

CVE-2023-0597 // CVE-url: https://ubuntu.com/security/CVE-2023-0597 - x86/kasan: Map shadow for percpu pages on demand - x86/mm: Recompute physical address for every page of per-CPU CEA mapping - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area - x86/mm: Do not shuffle CPU...

USN-6439-2 linux-aws vulnerabilities

It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service excessive CPU consumption. CVE-2023-1206 Yu Hao and Weiteng Chen discovered that the Bluetooth HCI...

USN-6440-1 linux, linux-aws, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information kernel memory or in conjunction with another kernel vulnerability. CVE-2023-0597 It was discovere...

CVE-2023-46033

D-Link Non-US DSL-2750U N300 ADSL2+ and Non-US DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control...

CVE-2023-46033

D-Link Non-US DSL-2750U N300 ADSL2+ and Non-US DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control...

Improper access control

UNSUPPORTED WHEN ASSIGNED D-Link Non-US DSL-2750U N300 ADSL2+ and Non-US DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control...

CVE-2023-46033

D-Link Non-US DSL-2750U N300 ADSL2+ and Non-US DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control...

CVE-2023-46033

D-Link Non-US DSL-2750U N300 ADSL2+ and Non-US DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control...

CVE-2023-36160

An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console...

CVE-2023-36160

An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console...

CVE-2023-36160

An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console...

Code injection

An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console...

CVE-2023-36160

CVE-2023-36160 affects Qubo Smart Plug10A, specifically version HSP02_01_01_14_SYSTEM-10 A. The issue permits local attackers to access sensitive information via the UART console, with the exposed impact limited to confidentiality (as per the CVSS and vendor notes) and without other confirmed exp...

CVE-2023-36160

An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console...

Qubo Smart Plug Security Vulnerability

Qubo Smart Plug is a smart plug from Qubo. It effectively manages and tracks the energy consumption of devices through real-time power monitoring. A security vulnerability exists in Qubo Smart Plug version 10A HSP02010114SYSTEM-10 A. The vulnerability stems from a vulnerability that allows an...

PT-2023-25460 · Unknown · Qubo Smart Plug 10A

Name of the Vulnerable Software and Affected Versions: Qubo Smart Plug10A version HSP02 01 01 14 SYSTEM-10 A Description: An issue was discovered in Qubo Smart Plug10A, allowing local attackers to gain sensitive information and other unspecified impact via UART console. Recommendations: For Qubo...