Download
| Alert*
oval:org.secpod.oval:def:1700925
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. A flaw was found in the Linux kern ... oval:org.secpod.oval:def:608638 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escala ... oval:org.secpod.oval:def:88371 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escala ... oval:org.secpod.oval:def:1601548 A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allo ... oval:org.secpod.oval:def:507364 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * off-path attacker may inject data or terminate victim"s TCP session. oval:org.secpod.oval:def:3300927 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:2600093 The kernel packages contain the Linux kernel, the core of any Linux operating system. oval:org.secpod.oval:def:1506245 [5.14.0-162.6.1_1.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 - Remove nmap references from ... oval:org.secpod.oval:def:89047049 The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim"s TCP session . - CVE-2 ... oval:org.secpod.oval:def:89047047 The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice . - CVE-2022-3028: Fixed race condition tha ... oval:org.secpod.oval:def:89047004 The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries . - CVE-2022-2663: ... oval:org.secpod.oval:def:2600061 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. oval:org.secpod.oval:def:89047635 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO . - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer . - CVE-2022-21505: Fixed kexec ... oval:org.secpod.oval:def:89047038 The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice . - CVE-2022-3028: Fixed race conditi ... oval:org.secpod.oval:def:3301174 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:86463 linux-oracle: Linux kernel for Oracle Cloud systems - linux-gcp-5.13: Linux kernel for Google Cloud Platform systems - linux-oracle-5.13: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1700929 A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionali ... oval:org.secpod.oval:def:1700928 A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege to create issues with confidentiality. A memory leak flaw was found in the Linux kernel's DMA subsystem, in the ... oval:org.secpod.oval:def:1701423 An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. A flaw was found in unrestri ... oval:org.secpod.oval:def:1700931 A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege to create issues with confidentiality. A memory leak flaw was found in the Linux kernel's DMA subsystem, in the ... oval:org.secpod.oval:def:706827 linux-gkeop: Linux kernel for Google Container Engine systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-gcp-5.4: Linux kernel for Google Cloud Platform systems - linux-gkeop-5.4: Linux kernel for Google Container Engine syst ... oval:org.secpod.oval:def:3300696 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:706828 linux-oracle: Linux kernel for Oracle Cloud systems - linux-gcp-5.13: Linux kernel for Google Cloud Platform systems - linux-oracle-5.13: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:88533 linux-gkeop: Linux kernel for Google Container Engine systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-gcp-5.4: Linux kernel for Google Cloud Platform systems - linux-gkeop-5.4: Linux kernel for Google Container Engine syst ... oval:org.secpod.oval:def:3301229 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:1700989 A use-after-free flaw was found in u32_change in net/sched/cls_u32.c in the network subcomponent of the Linux kernel. This flaw allows a local attacker to crash the system, cause a privilege escalation, and leak kernel information. oval:org.secpod.oval:def:89047414 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method . - CVE-2020-36557: Fixed race condition between the VT_DISALLOC ... oval:org.secpod.oval:def:4501084 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * off-path attacker may inject data or terminate victim"s TCP session * race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * use-after-free vuln ... oval:org.secpod.oval:def:19500119 2023-05-11: CVE-2023-2019 was added to this advisory.A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system ... oval:org.secpod.oval:def:2500850 The kernel packages contain the Linux kernel, the core of any Linux operating system. oval:org.secpod.oval:def:507272 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * off-path attacker may inject data or terminate victim"s TCP session. oval:org.secpod.oval:def:4500936 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: * off-path attacker may inject data or terminate victim"s TCP session * Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL l ... oval:org.secpod.oval:def:1506178 [4.18.0-425.3.1.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 - Remove upstream reference duri ... oval:org.secpod.oval:def:2500862 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. |