Linux Kernel Organization, Inc. Security Vulnerabilities

(RHSA-2023:7539) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609) kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers:...

lunary-ai/lunary allows users unauthorized access to projects

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

Geutebruck - Remote Command Injection

Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected...

CVE-2019-19065

A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability...

Fedora 40 : kernel (2024-aca908f73b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-aca908f73b advisory. The 6.9.6 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly from the...

CVE-2023-4132

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service...

CVE-2023-39192

A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a...

CVE-2023-33951

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of....

CVE-2021-47195

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is.....

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

(RHSA-2023:7549) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163) kernel: tun: bugs for oversize packet when napi frags enabled in...

Exploit for Improper Initialization in Linux Linux Kernel

CVE-2022-0847 ** Description - POC for...

Exploit for Untrusted Pointer Dereference in Microsoft

CVE-2024-21338 Local Privilege Escalation from Admin to...

Exploit for Untrusted Pointer Dereference in Microsoft

CVE-2024-21338 Local Privilege Escalation from Admin to...

CVE-2024-26933

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...

(RHSA-2024:2585) Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283) kernel: mlxsw: spectrum_acl_tcam: Fix...

Exploit for Improper Initialization in Linux Linux Kernel

DirtyPipe Exploit for the DirtyPipe...

Exploit for Incomplete Cleanup in Linux Linux Kernel

CVE-2021-4032-NoGCC Test in: Ubuntu...

CVE-2023-4004

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the...

CVE-2023-2163

Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container...

CVE-2023-22471

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...

Exploit for Use After Free in Linux Linux Kernel

CVE-2022-2602 This repository...

CVE-2023-36088

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...

eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type

eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php...

Exploit for Use After Free in Google Android

Bad Spin: Android Binder LPE Author: Moshe Kol Privilege...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-639)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-639 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-488)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-488 advisory. 2024-06-06: CVE-2023-52881 was added to this advisory. 2024-05-23: CVE-2023-6531 was added to this advisory. 2024-05-09: CVE-2023-6931 was added to this advisory. 2024-04-25: CVE-2023-6817...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-517)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-517 advisory. 2024-06-06: CVE-2023-52498 was added to this advisory. 2024-06-06: CVE-2023-52489 was added to this advisory. 2024-06-06: CVE-2024-26614 was added to this advisory. 2024-06-06: CVE-2023-52486...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-385)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-385 advisory. 2024-06-06: CVE-2023-52501 was added to this advisory. 2024-06-06: CVE-2023-52567 was added to this advisory. 2024-06-06: CVE-2023-52482 was added to this advisory. 2024-03-27: CVE-2023-52433...

CVE-2023-22470

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that...

Linux kernel (OEM) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-oem-6.5 - Linux kernel for OEM systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to...

File Level Restore - FUSE mount is not supported on kernel versions 4.0.0-4.1.33.

Recovery from backup on a machine running Linux kernel of one of versions 4.0.0-4.1.33 typically fails with ‘FUSE mount is not supported on kernel versions 4.0.0-4.1.33. Upgrade the kernel and try...

CVE-2023-4194

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -...

Insufficient Granularity Of Access Control

lunary is vulnerable to an Insufficient Granularity of Access Control vulnerability. The vulnerability is due to improper validation of dataset ownership, allowing users to create, update, get, and delete prompt variations for datasets not owned by their organization, leading to unauthorized...

CVE-2023-4133

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service...

RHEL 7 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c (CVE-2019-15505) kernel:...

CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result.....

CVE-2024-22213

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

Authorization Bypass

Grafana vulnerable to Authorization Bypass Through User-Controlled Key. The vulnerability is due to insufficient validation of organization IDs in the DeleteDashboardSnapshot within dashboard_snapshot.go. This allows an attacker to bypass authorization and delete a snapshot by sending a DELETE...

Docker Privileged Container Kernel Escape

This module performs a container escape onto the host as the daemon user. It takes advantage of the SYS_MODULE capability. If that exists and the linux headers are available to compile on the target, then we can escape onto the...

Fedora 39 : kernel / kernel-headers (2024-2116a8468b)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-2116a8468b advisory. A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop...

CVE-2024-4146

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

Duplicate Advisory: Grafana vulnerable to authorization bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-67rv-qpw2-6qrr. This link is maintained to preserve external references. Original Description It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete.....

Symfony Vulnerable to PHP Eval Injection

Applications with ESI support (and SSI support as of Symfony 2.6) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server. HttpCache uses.....

RHEL 8 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: out-of-bounds write in __btrfs_map_block in fs/btrfs/volumes.c (CVE-2019-19816) Kernel:...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-585)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-585 advisory. 2024-06-06: CVE-2024-35801 was added to this advisory. 2024-06-06: CVE-2024-35809 was added to this advisory. 2024-05-23: CVE-2024-26883 was added to this advisory. 2024-05-23: CVE-2024-26865...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-519)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-519 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-04-25: CVE-2023-52462 was added to this advisory. 2024-04-25: CVE-2024-26591 was added to this advisory. 2024-04-25: CVE-2023-52467...

CVE-2023-39194

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially...

CVE-2023-39189

A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information...