26 matches found
SUSE CVE-2026-43089
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structur...
CVE-2026-43089
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structur...
xfrm_user: fix info leak in build_report()
...
SUSE CVE-2026-31671
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a u8 proto field followed by a struct xfrm_selector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
CVE-2026-31671
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a u8 proto field followed by a struct xfrm_selector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
SUSE CVE-2012-6538
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability...
Oracle Linux 7 : kernel (ELSA-2017-2930-1) (BlueBorne)
Description of changes: - 3.10.0-693.5.2.0.1.el7.OL7 - ipc ipc/sem.c: bugfix for semctl(,,GETZCNT) Manfred Spraul orabug 22552377 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel olkmod_signing_key.x509 alexey.petrenko at oracle.com - Update...
kernel security and bug fix update
3.10.0-693.5.2.0.1.el7.OL7 - ipc ipc/sem.c: bugfix for semctl(,,GETZCNT) Manfred Spraul orabug 22552377 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey bug 24817676...
Oracle Linux 7 : kernel (ELSA-2017-2930)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2930 advisory. - net tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 Davide Caratti 1488341 1487061 CVE-2017-14106 - net tcp: fix 0 divide in __tcp_select_window Davide...
kernel security and bug fix update
3.10.0-693.5.2.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey bug 24817676 3.10.0-693.5.2 - mm page_cgroup: Fix Kernel bug during boot with memory cgroups enabled...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0105)
The remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986990 CVE-2017-7895 - fnic: Update fnic driver version to 1.6.0.24 John Sobecki Orabug: 24448585 - xen-netfront: Rework th...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3566)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3566 advisory. - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986990 CVE-2017-7895 - KVM: x86: fix emulation of 'MOV SS, null...
Unbreakable Enterprise kernel security update
2.6.39-400.295.2 - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986995 CVE-2017-7895 2.6.39-400.295.1 - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN Tariq Saeed Orabug: 25510857 - IB/CORE: sync the resouce access in fmr_pool...
PWN2OWN 2017 Linux kernel privilege escalation vulnerability analysis
0. Foreword: At the PWN2OWN 2017 contest, Chaitin Security Research Lab successfully demonstrated local privilege escalation on Ubuntu 16.10 Desktop. The attack mainly exploited, in the Linux kernel IPSEC framework (supported since Linux 2.6), a memory bounds...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3539 advisory. - KVM: x86: fix emulation of 'MOV SS, null selector' Paolo Bonzini Orabug: 25719659 CVE-2017-2583 CVE-2017-2583 - ext4: store checksum seed in...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0062)
The remote OracleVM system is missing necessary patches to address critical security updates : - uek-rpm: enable CONFIG_KSPLICE. Jamie Iles Orabug: 25698171 - ksplice: add sysctls for determining Ksplice features. Jamie Iles - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. Jamie Ile...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2013-2534)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2534 advisory. - KVM: add missing void user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING- BUGS arch block crypto drivers firmware fs...
Oracle Linux 5 : kernel (ELSA-2013-0747)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0747 advisory. - virt xen-netback: backports Andrew Jones 910884 910885 CVE-2013-0216 - virt xen-netback: netif_schedulable should take a netif Andrew Jones 910884...
USN-1829-1: Linux kernel (EC2) vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. CVE-2012-6549 Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN...
Kernel: xfrm_user: return error pointer instead of NULL
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the...