Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails CVE-2022-49168 In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio CVE-2022-49413 In the Linux...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue CVE-2021-46981 A use-after-free flaw was found in btrfssearchslot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and...

Important: kernel

Issue Overview: A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory...

Important: kernel

Issue Overview: A denial-of-service DoS flaw was identified in the Linux kernel due to an incorrect memory barrier in xtreplacetable in net/netfilter/xtables.c in the netfilter subsystem. CVE-2021-29650 A flaw was found in kernel/bpf/verifier.c in BPF in the Linux kernel. An incorrect limit is...

Medium: kernel

Issue Overview: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-035)

The version of kernel installed on the remote host is prior to 5.10.184-175.731. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2023-035 advisory. An issue was found in the Linux kernel's IPv6 TCP connection tracking code, which could lead to high CPU usage wi...

Important: kernel

Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...

Important: kernel

Issue Overview: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges. CVE-2022-2318 Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text...

Important: kernel

Issue Overview: In the Linux kernel afalgrelease in crypto/afalg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free UAF in sockfssetattr. A local attacker can use this flaw to escalate privileges and take control of the system.CVE-2019-8912 Affected...

Important: kernel

Issue Overview: In the Linux kernel afalgrelease in crypto/afalg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free UAF in sockfssetattr. A local attacker can use this flaw to escalate privileges and take control of the system. CVE-2019-8912 Affected...

Amazon Linux 2 : kernel (ALAS-2018-1044)

A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service.CVE-2018-12232 C Tenable Netwo...

Amazon Linux AMI : kernel (ALAS-2018-1044)

A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service.CVE-2018-12232 C Tenable Netwo...

Medium: kernel

Issue Overview: Perception Point Research identified http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/ a use-after-free vulnerability, representing a local privilege escalation vulnerability in the Linux kernel. Their post contains a...

Low: kernel

Issue Overview: It was reported that stack address is not properly randomized on some 64 bit architectures due to an integer overflow. The stack entropy of the processes is reduced by four. Affected Packages: kernel Issue Correction: Run yum update kernel or yum update --advisory ALAS-2015-491 to...

Amazon Linux AMI : kernel (ALAS-2014-363)

The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification. C Tenable Network Security, Inc...