Siemens SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-49936)

net/xen-netback: prevent UAF in xenvifflushhash. During the listforeachentryrcu iteration call of xenvifflushhash, kfreercu does not exist inside the rcu read critical section, so if kfreercu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head-next after...

Linux Distros Unpatched Vulnerability : CVE-2021-47111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task fro...

USN-5814-1 linux-azure, linux-gkeop, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

PT-2023-33227 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.83 Description: The issue concerns the xen/netback component, where protocol headers may fall in the non-linear area. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...