Download
| Alert*
oval:org.secpod.oval:def:1700925
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. A flaw was found in the Linux kern ... oval:org.secpod.oval:def:608638 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escala ... oval:org.secpod.oval:def:88571 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ... oval:org.secpod.oval:def:88371 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escala ... oval:org.secpod.oval:def:707669 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ... oval:org.secpod.oval:def:205961 Security Fix: kernel: race condition in perf_event_open leads to privilege escalation kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:3000134 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. This update is unfortunately not available for the armel architecture. CVE-2018-1108 It was discovered that the random driver could generate random bytes ... oval:org.secpod.oval:def:1601548 A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allo ... oval:org.secpod.oval:def:507011 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: race condition in perf_event_open leads to privilege escalation * kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root For more details about ... oval:org.secpod.oval:def:89046402 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to ca ... oval:org.secpod.oval:def:3300524 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:89046394 The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux ... oval:org.secpod.oval:def:3301204 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:89047716 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information . - CVE-2022-34918: Fixed a buffer overflow with nft_se ... oval:org.secpod.oval:def:89046787 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information . - CVE-2022-1 ... oval:org.secpod.oval:def:3300443 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:89047473 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. - ... oval:org.secpod.oval:def:89046414 The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21123: Fixed a stale MMIO data transient whi ... oval:org.secpod.oval:def:707751 linux-gcp-5.4: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:507024 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * kernel: race condition in perf_event_open leads to privilege escalation * kernel: a use- ... oval:org.secpod.oval:def:4500994 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: race condition in perf_event_open leads to privilege escalation For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information ... oval:org.secpod.oval:def:1700929 A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionali ... oval:org.secpod.oval:def:1700928 A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege to create issues with confidentiality. A memory leak flaw was found in the Linux kernel's DMA subsystem, in the ... oval:org.secpod.oval:def:1701423 An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. A flaw was found in unrestri ... oval:org.secpod.oval:def:1505774 [5.4.17-2136.308.7.el7uek] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions. oval:org.secpod.oval:def:1700931 A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege to create issues with confidentiality. A memory leak flaw was found in the Linux kernel's DMA subsystem, in the ... oval:org.secpod.oval:def:85669 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2022-0494 The scsi_ioctl was susceptible to an information leak only exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO capabilities. CVE-2022-0 ... oval:org.secpod.oval:def:1505815 [3.10.0-1160.71.1.0.1.el7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.71.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 less th ... oval:org.secpod.oval:def:707719 linux-intel-iotg: Linux kernel for Intel IoT platforms Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:122396 Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. oval:org.secpod.oval:def:122397 This package contains the tools/ directory from the kernel source and the supporting documentation. oval:org.secpod.oval:def:2600105 The kernel packages contain the Linux kernel, the core of any Linux operating system. oval:org.secpod.oval:def:707700 linux-oracle: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:707744 linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1505818 [4.18.0-372.16.1.0.1.el8_6.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 less than or equal 15 ... oval:org.secpod.oval:def:2600026 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. oval:org.secpod.oval:def:86507 linux-gcp-5.4: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:88605 linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1505746 [4.14.35-2047.513.2.1.el7] - perf: Fix sys_perf_event_open race against self [Orabug: 34175592] {CVE-2022-1729} oval:org.secpod.oval:def:1505745 [5.4.17-2136.307.3.2] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729} oval:org.secpod.oval:def:86505 linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:707703 linux-raspi: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:707748 linux-gke: Linux kernel for Google Container Engine systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:707731 linux-raspi-5.4: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:2500704 The kernel packages contain the Linux kernel, the core of any Linux operating system. oval:org.secpod.oval:def:507085 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: race condition in perf_event_open leads to privilege escalation For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information ... oval:org.secpod.oval:def:2500702 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. oval:org.secpod.oval:def:707697 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Goo ... oval:org.secpod.oval:def:4500969 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: * kernel: race condition in perf_event_open leads to privilege escalation For more details about the security issue, including the impact, a C ... oval:org.secpod.oval:def:81607 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2022-0494 The scsi_ioctl was susceptible to an information leak only exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO capabilities. CVE-2022-0 ... oval:org.secpod.oval:def:1505636 [5.4.17-2136.307.3.2.el7uek] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729} oval:org.secpod.oval:def:86499 linux-oracle: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1505639 [4.14.35-2047.513.2.1.el7uek] - perf: Fix sys_perf_event_open race against self [Orabug: 34175592] {CVE-2022-1729} oval:org.secpod.oval:def:707738 linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1505638 [5.4.17-2136.307.3.2.el8] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729} oval:org.secpod.oval:def:1505637 [5.4.17-2136.307.3.2.el8uek] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729} oval:org.secpod.oval:def:88597 linux-hwe-5.15: Linux hardware enablement kernel - linux-lowlatency-hwe-5.15: Linux low latency kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:707723 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-bluefield: Linux kernel for NVIDIA BlueField platforms - linux-gkeop: Linux kernel for Google Container Engine systems - linux-ibm: Linux kernel for I ... oval:org.secpod.oval:def:94899 linux-intel-iotg: Linux kernel for Intel IoT platforms Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:86497 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Goo ... oval:org.secpod.oval:def:88596 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-bluefield: Linux kernel for NVIDIA BlueField platforms - linux-gkeop: Linux kernel for Google Container Engine systems - linux-ibm: Linux kernel for I ... oval:org.secpod.oval:def:94898 linux-raspi: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1505960 [5.14.0-70.17.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.17.1_0.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] ... oval:org.secpod.oval:def:122389 The kernel meta package oval:org.secpod.oval:def:1505764 [5.4.17-2136.308.7.el8] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions. oval:org.secpod.oval:def:86649 linux-gke: Linux kernel for Google Container Engine systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:122383 Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. oval:org.secpod.oval:def:1505768 [5.4.17-2136.308.7.el7] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions. oval:org.secpod.oval:def:122384 This package contains the tools/ directory from the kernel source and the supporting documentation. oval:org.secpod.oval:def:1505767 [5.4.17-2136.308.7.el8uek] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions. oval:org.secpod.oval:def:86647 linux-raspi-5.4: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:707725 linux-hwe-5.15: Linux hardware enablement kernel - linux-lowlatency-hwe-5.15: Linux low latency kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:122387 The kernel meta package oval:org.secpod.oval:def:122388 The kernel meta package oval:org.secpod.oval:def:122385 Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. oval:org.secpod.oval:def:122386 This package contains the tools/ directory from the kernel source and the supporting documentation. oval:org.secpod.oval:def:89046396 The SUSE Linux Enterprise 12 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel . - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux k ... oval:org.secpod.oval:def:89046389 The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - C ... oval:org.secpod.oval:def:3300520 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:89046410 The SUSE Linux Enterprise 15 SP1 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21123: Fixed a stale MMIO data transient whi ... oval:org.secpod.oval:def:89046405 The SUSE Linux Enterprise 15 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21123: Fixed a stale MMIO data transient which c ... oval:org.secpod.oval:def:19500119 2023-05-11: CVE-2023-2019 was added to this advisory.A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system ... oval:org.secpod.oval:def:1507165 [5.4.17-2136.325.5.el7] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same ... |