Lucene search
K

1534 matches found

Debian
Debian
added 2024/10/22 5:55 a.m.6 views

[SECURITY] [DLA 3930-1] libsepol security update

Debian LTS Advisory DLA-3930-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton October 22, 2024 https://wiki.debian.org/LTS Package : libsepol Version : 3.1-1+deb11u1 CVE ID : CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 Debian Bug : 990526 Multiple...

3.3CVSS6.9AI score0.00592EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2024/10/21 11:7 p.m.16 views

CVE-2024-49984

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be...

7.8CVSS7.2AI score0.00242EPSS
Exploits0References4
NVD
NVD
added 2024/10/21 8:15 p.m.11 views

CVE-2022-48987

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that...

5.5CVSS0.00248EPSS
Exploits0References8
OSV
OSV
added 2024/10/21 8:15 p.m.1 views

UBUNTU-CVE-2022-48987

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that...

5.5CVSS6.2AI score0.00248EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2024/10/21 8:6 p.m.24 views

CVE-2022-48987 media: v4l2-dv-timings.c: fix too strict blanking sanity checks

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that...

6.9AI score0.00248EPSS
Exploits0References8
CVE
CVE
added 2024/10/21 8:6 p.m.108 views

CVE-2022-48987

CVE-2022-48987 affects the Linux kernel in media: v4l2-dv-timings.c. The issue was a misapplied blanking sanity check: when userspace supplies only a total blanking value, the total could be assigned to front porch, backporch, or sync fields, causing an overflow check to fail. The fix adds maximu...

5.5CVSS5.2AI score0.00248EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2024/10/21 8:6 p.m.15 views

CVE-2022-48987 media: v4l2-dv-timings.c: fix too strict blanking sanity checks

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that...

5.5CVSS6AI score0.00248EPSS
Exploits0References11
OSV
OSV
added 2024/10/21 6:15 p.m.5 views

DEBIAN-CVE-2024-49975

In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "uprobes" vma xoladdvma maps the uninitialized page allocated by createxolarea into userspace. On some architectures x86 this memory is readable even without VMREAD, VMEXEC results in the same...

5.5CVSS5.7AI score0.00249EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 6:15 p.m.8 views

UBUNTU-CVE-2024-49975

In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "uprobes" vma xoladdvma maps the uninitialized page allocated by createxolarea into userspace. On some architectures x86 this memory is readable even without VMREAD, VMEXEC results in the same...

5.5CVSS6.2AI score0.00249EPSS
Exploits0References43
Vulnrichment
Vulnrichment
added 2024/10/21 6:2 p.m.12 views

CVE-2024-49984 drm/v3d: Prevent out of bounds access in performance query extensions

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be...

6.8AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/10/21 3:46 p.m.8 views

SUSE CVE-2024-47727

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handlemmio function checks if the VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can...

5.5CVSS6.2AI score0.00247EPSS
Exploits0References19
RedhatCVE
RedhatCVE
added 2024/10/21 3:40 p.m.14 views

CVE-2024-47727

A flaw was found in the Linux kernel. Userspace can deceive the kernel into performing MMIO Memory-Mapped IO operations in TDX Trust Domain Extensions on its behalf, allowing a VE Virtualization Exception to be incorrectly handled as a in-kernel MMIO operation. Mitigation Mitigation for this issu...

7.8CVSS7.8AI score0.00247EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/10/21 2:42 p.m.25 views

CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8CVSS6.9AI score0.00286EPSS
Exploits0References4
NVD
NVD
added 2024/10/21 1:15 p.m.15 views

CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8CVSS0.00286EPSS
Exploits0References11
NVD
NVD
added 2024/10/21 1:15 p.m.14 views

CVE-2024-47727

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handlemmio function checks if the VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can...

7.8CVSS0.00247EPSS
Exploits0References6
OSV
OSV
added 2024/10/21 12:15 p.m.3 views

DEBIAN-CVE-2024-47719

In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN overflows which corrupts the selected area range during...

7.8CVSS6.2AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 12:15 p.m.11 views

CVE-2024-47716

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

5.5CVSS0.00218EPSS
Exploits0References4
CVE
CVE
added 2024/10/21 12:14 p.m.165 views

CVE-2024-47742

CVE-2024-47742 : Linux kernel firmware_loader path traversal vulnerability. Several code paths construct firmware filenames from device or userspace data (e.g., lpfc_sli4_request_firmware_update, nfp_net_fw_find, module_flash_fw_schedule). The issue arises when dynamic firmware names can include ...

7.8CVSS7.9AI score0.00286EPSS
Exploits0References11Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/21 12:14 p.m.13 views

CVE-2024-47727 x86/tdx: Fix "in-kernel MMIO" check

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handlemmio function checks if the VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can...

6.8AI score0.00247EPSS
Exploits0References5
CVE
CVE
added 2024/10/21 12:14 p.m.127 views

CVE-2024-47727

CVE-2024-47727 is a Linux kernel issue (x86/tdx) where userspace could trick the kernel into performing MMIO via #VE by pointing a syscall at an MMIO address. The root cause was the in-kernel MMIO check in handle_mmio() not guaranteeing the target MMIO address was within the kernel before decodin...

7.8CVSS7.1AI score0.00247EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder