Download
| Alert*
oval:org.secpod.oval:def:1507314
[4.14.35-2047.533.3.el7uek] - net: rfkill: gpio: set GPIO direction - sched/fair: Fix tg-gt;load when offlining a CPU [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD [Orabug: 36143229] - sched/rt: pick_next_rt_entity: check list_entry [Orabug: 35181559] {C ... oval:org.secpod.oval:def:3301831 Security update for the Linux Kernel oval:org.secpod.oval:def:89049280 The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched . * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq. * CVE-2023- ... oval:org.secpod.oval:def:1701985 A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information oval:org.secpod.oval:def:89049309 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' . * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec . * CVE-2023-2056 ... oval:org.secpod.oval:def:97783 [CLSA-2024:1705494430] kernel: Fix of 13 CVEs oval:org.secpod.oval:def:1701228 A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM advertising eIBRS support to L1. An attacker at L2 with code execution ... oval:org.secpod.oval:def:1507419 [4.1.12-124.78.2] - xfrm: fix crash in XFRM_MSG_GETSA netlink handler [Orabug: 35598955] {CVE-2023-3106} - netfilter: nf_tables: validate registers coming from userspace [Orabug: 34012909] {CVE-2022-1015} [4.1.12-124.78.1] - vc_screen: move load of struct vc_data pointer in vcs_read to avoid UAF ... oval:org.secpod.oval:def:89049268 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2018-20784: Fixed a denial of service by mishandled leaf cfs_rq in kernel/sched/fair.c . * CVE-2018-3639: Fixed Speculative Store Bypass aka 'Memory Disambigua ... oval:org.secpod.oval:def:89049266 The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: A transient execution attack called 'Gather Data Sampling' affecting is mitigated, together with respective Intel CPU Microcode updates . * CVE-2023 ... oval:org.secpod.oval:def:1701387 In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, ... oval:org.secpod.oval:def:89049271 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs . * CVE-2023-3776: Fixed improper refcount update in cls_fw lea ... oval:org.secpod.oval:def:1701390 A flaw was found in the Linux kernel Traffic Control subsystem. Using a specific networking configuration a local unprivileged user could trigger a CPU soft lockup when the transport protocol in use does a retransmission, resulting in a denial of service condition. A flaw was found in the Linux ... oval:org.secpod.oval:def:97784 [CLSA-2024:1705494763] kernel: Fix of 13 CVEs oval:org.secpod.oval:def:1601862 A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information oval:org.secpod.oval:def:19500258 A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition on ... oval:org.secpod.oval:def:1506993 [4.14.35-2047.529.3.el7uek] - uek-rpm: Update kernel linux-firmware dependency to 20230516-999.26.git6c9e0ed5. [Orabug: 35724203] - LTS version: v4.14.322 - drm/edid: fix objtool warning in drm_cvt_modes - mtd: rawnand: omap_elm: Fix incorrect type in assignment - test_firmware: fix a memory lea ... oval:org.secpod.oval:def:1701238 A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM advertising eIBRS support to L1. An attacker at L2 with code execution ... oval:org.secpod.oval:def:89049339 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" . * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec . * CVE-2023-2056 ... oval:org.secpod.oval:def:89049337 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" . * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec . * CVE-2023-2056 ... oval:org.secpod.oval:def:1701239 A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol . A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service oval:org.secpod.oval:def:89049336 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" . * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec . * CVE-2023-2056 ... oval:org.secpod.oval:def:1701393 A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. A denial of service problem was found, d ... oval:org.secpod.oval:def:3302303 Security update for the Linux Kernel oval:org.secpod.oval:def:89049311 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' . * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec . * CVE-2023-2056 ... oval:org.secpod.oval:def:1506975 [4.1.12-124.78.2.el7uek] - xfrm: fix crash in XFRM_MSG_GETSA netlink handler [Orabug: 35598955] {CVE-2023-3106} - netfilter: nf_tables: validate registers coming from userspace [Orabug: 34012909] {CVE-2022-1015} [4.1.12-124.78.1.el7uek] - vc_screen: move load of struct vc_data pointer in vcs_read ... oval:org.secpod.oval:def:3302065 Security update for the Linux Kernel oval:org.secpod.oval:def:3302002 Security update for the Linux Kernel oval:org.secpod.oval:def:1702121 A memory corruption flaw was found in the Linux kernel's human interface device subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_m ... oval:org.secpod.oval:def:509341 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Change ... oval:org.secpod.oval:def:3302348 Security update for the Linux Kernel RT oval:org.secpod.oval:def:3302275 Security update for the Linux Kernel oval:org.secpod.oval:def:3302316 Security update for the Linux Kernel oval:org.secpod.oval:def:509299 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: kernel: GSM multiplexing race condition leads to privilege escalation kernel: multiple use-after-free vulnerabilities kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation ... oval:org.secpod.oval:def:2501447 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. oval:org.secpod.oval:def:2501406 The kernel packages contain the Linux kernel, the core of any Linux operating system. oval:org.secpod.oval:def:19500115 It has been discovered that on some AMD CPUs, the RAS is dynamically partitioned between non-idle threads. This allows an attacker to control speculative execution on the adjacent thread. The upstream bug report describes this issue as follows:A flaw found in the Linux Kernel in RDS protocol. The ... |