87 matches found
USN-7714-1 open-vm-tools vulnerabilities
Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A local attacker could possibly use this issue to hijack /dev/uinput and simulate user inputs. CVE-2023-34059 Dolev Farhi discovered that Open VM Tools incorrectly handled certain file...
Linux Distros Unpatched Vulnerability : CVE-2023-34059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack...
CVE-2021-46894
Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation...
kernel: Input: uinput - reject requests with unreasonable number of slots
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
Linux Distros Unpatched Vulnerability : CVE-2024-46745
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large numbe...
SUSE CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Input: uinput – rejects requests with an unreasonable number of slots When using uinput, the syzkaller may attempt to set up a device with a very large number of slots, leading to a memory allocation failure in input_mt_init_slots...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show CVE-2024-43853 In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media CVE-2024-43854 ...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization CVE-2024-46713 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd CVE-2024-46734 In the...
SUSE SLES12: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2024:3566-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3566-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
SUSE CVE-2024-46745
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
CVE-2024-46745
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
CVE-2024-46745
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
DEBIAN-CVE-2024-46745
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
UBUNTU-CVE-2024-46745
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
CVE-2024-46745 Input: uinput - reject requests with unreasonable number of slots
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
CVE-2024-46745 Input: uinput - reject requests with unreasonable number of slots
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
CVE-2024-46745
CVE-2024-46745 affects the Linux kernel uinput interface. The root cause is an unbounded request for slots via syzkaller, causing memory allocation failure in input_mt_init_slots. The fix limits the allowed number of slots to 100 (extendable if devices require more). Consequences described in the...
CVE-2024-46745 Input: uinput - reject requests with unreasonable number of slots
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slot...
USN-6463-2 open-vm-tools vulnerabilities
USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could...