669 matches found
PT-2023-8716
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified kernel-image-rpi-un version 6.1.77-alt1 Description The Linux kernel contains a flaw within the ksmbd module, specifically in the ksmbd decode ntlmssp auth blob function. This issue relates to a...
Debian DSA-5462-1 : linux - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5462 advisory. - An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. CVE-2023-20593 Note that Ness...
CVE-2023-33952
A double-free vulnerability was found in handling vmwbufferobject objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to...
CVE-2023-32258 Session race condition remote code execution vulnerability
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...
CVE-2023-38432
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read...
CVE-2023-3111
A use after free vulnerability was found in preparetorelocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfsioctlbalance before calling btrfsioctldefrag...
CVE-2023-0459
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...
PT-2025-25970 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the qrtr Qualcomm Remote Transport module. The issue arises when the MHI Mobile Hardware Interface channel generates...
CVE-2023-2176
A vulnerability was found in comparenetdevandip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege...
CVE-2022-42432
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2022-48423
In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur...
GSD-2023-1002363 pinctrl: single: fix potential NULL dereference
pinctrl: single: fix potential NULL dereference This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.94 by commit...
GSD-2023-1002111 fbdev: omapfb: avoid stack overflow warning
fbdev: omapfb: avoid stack overflow warning This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.90 by commit...
GSD-2023-1002055 net/sched: sch_taprio: do not schedule in taprio_reset()
net/sched: schtaprio: do not schedule in taprioreset This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.91 by commit...
GSD-2023-1001443 mmc: alcor: fix return value check of mmc_add_host()
mmc: alcor: fix return value check of mmcaddhost This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1001383 staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192u: Fix use after free in ieee80211rx This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1000465 staging: media: tegra-video: fix device_node use after free
staging: media: tegra-video: fix devicenode use after free This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
GSD-2023-1000027 NFC: nci: Bounds check struct nfc_target arrays
NFC: nci: Bounds check struct nfctarget arrays This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.13 by commit...
CVE-2020-36611 File and Directory Permission Vulnerability in Hitachi Tuning Manager
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components allows local users to read and write specific...
PT-2022-26351 · Nvidia · Linux-Nvidia
Name of the Vulnerable Software and Affected Versions: NVIDIA distributions of Linux affected versions not specified Description: The issue is related to a vulnerability in the nvdla emu task submit function, where unvalidated input may allow a local attacker to cause a stack-based buffer overflo...