33 matches found
kernel: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...
kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
kernel: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...
kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
kernel: Fix of 13 CVEs
Bluetooth: L2CAP: Fix use-after-free in l2capsockreadycb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: schhfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: clsfw:...
kernel: Fix of 13 CVEs
Bluetooth: L2CAP: Fix use-after-free in l2capsockreadycb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: schhfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: clsfw:...
CBL Mariner 2.0 Security Update: kernel (CVE-2023-3567)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3567 advisory. - A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This...
SUSE SLED15: cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc (SUSE-SU-2023:3311-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3311-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. Th...
DEBIAN-CVE-2023-3567
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
UBUNTU-CVE-2023-3567
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
CVE-2023-3567
A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
GSD-2023-1002036 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...