Headline
CVE-2022-41674: git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
AgeCommit message (Expand)AuthorFilesLines 2022-09-04Merge tag ‘wireless-next-2022-09-03’ of git://git.kernel.org/pub/scm/linux/ke…David S. Miller1-1/+1 2022-09-03wifi: mac80211: fix double SW scan stopJohannes Berg1-1/+1 2022-08-25wifi: mac80211: Fix UAF in ieee80211_scan_rx()Siddh Raman Pant1-4/+7 2022-07-15wifi: mac80211: fix multi-BSSID element parsingJohannes Berg1-4/+8 2022-06-20wifi: mac80211: move interface config to new structJohannes Berg1-1/+1 2022-05-04mac80211: upgrade passive scan to active scan on DFS channels after beacon rxFelix Fietkau1-0/+20 2021-09-23mac80211: always allocate struct ieee802_11_elemsJohannes Berg1-6/+10 2021-05-31mac80211: fix skb length check in ieee80211_scan_rx()Du Cheng1-5/+16 2020-09-28mac80211: convert S1G beacon to scan resultsThomas Pedersen1-4/+13 2020-09-28mac80211: s1g: choose scanning width based on frequencyThomas Pedersen1-0/+17 2020-09-28nl80211/cfg80211: support 6 GHz scanningTova Mussai1-2/+7 2020-07-31mac80211: remove unused flags argument in transmit functionsMathy Vanhoef1-1/+1 2020-07-31mac80211: use same flag everywhere to avoid sequence number overwriteMathy Vanhoef1-4/+3 2020-07-31nl80211: S1G band and channel definitionsThomas Pedersen1-0/+1 2020-05-31mac80211: Add HE 6GHz capabilities element to probe requestIlan Peer1-8/+9 2020-05-31mac80211: avoid using ext NSS high BW if not supportedJohannes Berg1-0/+6 2020-04-24mac80211: add freq_offset to RX statusThomas Pedersen1-1/+2 2020-04-24mac80211: handle channel frequency offsetThomas Pedersen1-0/+1 2020-02-21cfg80211: remove support for adjacent channel compensationEmmanuel Grumbach1-2/+1 2019-10-07mac80211: fix scan when operating on DFS channels in ETSI domainsAaron Komisar1-2/+28 2019-06-19treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500Thomas Gleixner1-4/+1 2019-02-08mac80211: support multi-bssidSara Sharon1-2/+9 2019-02-08mac80211: move the bss update from elements to an helperSara Sharon1-70/+80 2019-02-08mac80211: pass bssids to elements parsing functionSara Sharon1-35/+40 2018-11-09mac80211: allow hardware scan to fall back to softwareJohannes Berg1-4/+18 2018-06-30Merge tag ‘mac80211-next-for-davem-2018-06-29’ of git://git.kernel.org/pub/sc…David S. Miller1-6/+50 2018-06-15mac80211: support scan features for improved scan privacyJohannes Berg1-5/+30 2018-06-15mac80211: split ieee80211_send_probe_req()Johannes Berg1-2/+20 2018-06-15mac80211: add probe request building flagsJohannes Berg1-3/+4 2018-06-12treewide: kzalloc() -> kcalloc()Kees Cook1-1/+1 2018-03-21mac80211: inform wireless layer when frame RSSI is invalidTosoni1-1/+3 2017-09-21mac80211: oce: enable receiving of bcast probe respRoee Zamir1-9/+28 2017-04-28cfg80211: add request id to cfg80211_sched_scan_*() apiArend Van Spriel1-2/+2 2017-04-28mac80211: separate encoding/bandwidth from flagsJohannes Berg1-4/+4 2017-04-28mac80211: clean up rate encoding bits in RX statusJohannes Berg1-4/+4 2016-12-13mac80211: Remove unused ‘len’ variableKirtika Ruchandani1-5/+3 2016-09-15mac80211: fix scan completed tracingJohannes Berg1-1/+1 2016-07-06mac80211: report failure to start (partial) scan as scan abortJohannes Berg1-2/+3 2016-07-06mac80211: Add support for beacon report radio measurementAvraham Stern1-8/+34 2016-07-06nl80211: support beacon report scanningAvraham Stern1-2/+7 2016-04-12cfg80211: remove enum ieee80211_bandJohannes Berg1-6/+6 2016-04-05mac80211: Support a scan request for a specific BSSIDJouni Malinen1-1/+3 2016-04-05mac80211: allow drivers to report CLOCK_BOOTTIME for scan resultsJohannes Berg1-1/+3 2016-01-26mac80211: Requeue work after scan complete for all VIF types.Sachin Kulkarni1-1/+11 2016-01-14mac80211: handle sched_scan_stopped vs. hw restart raceEliad Peller1-0/+8 2015-12-02mac80211: do not actively scan DFS channelsAntonio Quartulli1-4/+5 2015-11-03mac80211: don’t reconfigure sched scan in case of wowlanEliad Peller1-5/+7 2015-10-14mac80211: remove PM-QoS listenerJohannes Berg1-1/+0 2015-10-13mac80211: use new cfg80211_inform_bss_frame_data() APIJohannes Berg1-10/+9 2015-06-10mac80211: convert HW flags to unsigned long bitmapJohannes Berg1-5/+5 2015-06-09mac80211: ignore invalid scan RSSI valuesSara Sharon1-1/+7 2015-06-02mac80211: rename single hw-scan flag to follow naming conventionJohannes Berg1-3/+3 2015-03-30mac80211: IBSS fix scan [email protected]/+16 2015-01-23mac80211: complete scan work immediately if quiesced or suspendedLuciano Coelho1-0/+5 2015-01-14mac80211: don’t defer scans in case of radar detectionEliad Peller1-1/+1 2015-01-14mac80211: remove local->radar_detect_enabledEliad Peller1-1/+1 2015-01-14mac80211: let flush() drop packets when possibleEmmanuel Grumbach1-2/+2 2014-11-19mac80211: allow drivers to support NL80211_SCAN_FLAG_RANDOM_ADDRJohannes Berg1-10/+38 2014-11-19mac80211: rcu-ify scan and scheduled scan request pointersJohannes Berg1-30/+49 2014-11-19mac80211: remove redundant checkEliad Peller1-1/+1 2014-09-05mac80211: add Intel Mobile Communications copyrightJohannes Berg1-0/+1 2014-08-26mac80211: scan: Replace rcu_assign_pointer() with RCU_INIT_POINTER()Andreea-Cristina Bernat1-1/+1 2014-06-25mac80211: split sched scan IEsDavid Spinadel1-23/+24 2014-06-25mac80211: support more than one band in scan requestDavid Spinadel1-25/+60 2014-05-09mac80211: handle failed restart/resume betterJohannes Berg1-5/+10 2014-04-09mac80211: use RCU_INIT_POINTERMonam Agarwal1-5/+5 2014-03-19mac80211: release sched_scan_sdata when stopping sched scanAlexander Bondar1-2/+4 2014-02-20mac80211: allow driver to return error from sched_scan_stopJohannes Berg1-1/+1 2014-02-11mac80211: fix IE buffer lenDavid Spinadel1-5/+2 2013-12-16mac80211: reschedule sched scan after HW restartDavid Spinadel1-14/+39 2013-12-16Merge remote-tracking branch ‘wireless-next/master’ into mac80211-nextJohannes Berg1-1/+1 2013-12-06Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-1/+1 2013-12-05mac80211: start_next_roc only if scan was actually runningEliad Peller1-1/+3 2013-12-05mac80211: determine completed scan type by defined opsEliad Peller1-8/+7 2013-12-03mac80211: remove duplicate codeEliad Peller1-8/+0 2013-11-25cfg80211: consolidate passive-scan and no-ibss flagsLuis R. Rodriguez1-5/+5 2013-11-25mac80211: fix scheduled scan rtnl deadlockJohannes Berg1-1/+1 2013-11-04Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-0/+19 2013-10-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-0/+19 2013-10-09mac80211: correctly close cancelled scansEmmanuel Grumbach1-0/+19 2013-09-26mac80211: change beacon/connection pollingStanislaw Gruszka1-2/+1 2013-07-16mac80211: allow scanning for 5/10 MHz channels in IBSSSimon Wunderlich1-6/+39 2013-07-16mac80211: select and adjust bitrates according to channel modeSimon Wunderlich1-2/+25 2013-06-13mac80211: track AP’s beacon rate and give it to the driverAlexander Bondar1-0/+9 2013-04-16mac80211: parse VHT channel switch IEsJohannes Berg1-1/+1 2013-04-08mac80211: check ERP info IE length in parserJohannes Berg1-3/+2 2013-03-25mac80211: Use a cfg80211_chan_def in ieee80211_hw_conf_chanKarl Beldan1-3/+3 2013-03-18mac80211: pass queue bitmap to flush operationJohannes Berg1-2/+2 2013-03-11mac80211: remove a few set but unused variablesJohannes Berg1-3/+0 2013-02-15mac80211: add radar detection command/eventSimon Wunderlich1-0/+3 2013-02-11mac80211: Add flushes before going off-channelSeth Forshee1-0/+3 2013-02-11mac80211: Fix tx queue handling during scansSeth Forshee1-3/+6 2013-02-11mac80211: introduce beacon-only timing dataJohannes Berg1-1/+4 2013-02-11cfg80211: pass wiphy to cfg80211_ref_bss/put_bssJohannes Berg1-1/+2 2013-01-31mac80211: improve latency and throughput while software scanningStanislaw Gruszka1-27/+5 2013-01-31mac80211: start auth/assoc timeout on frame statusJohannes Berg1-1/+2 2013-01-31mac80211: remove unused mesh data from bssJohannes Berg1-9/+0 2013-01-31mac80211: remove last_probe_resp from bssJohannes Berg1-3/+0 2013-01-28Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-10/+5 2013-01-16mac80211: synchronize scan off/on-channel and PS statesStanislaw Gruszka1-10/+5 2013-01-03mac82011: use frame control to differentiate probe resp/beaconEmmanuel Grumbach1-5/+4 2013-01-03mac80211: fix dtim_period in hidden SSID AP associationJohannes Berg1-12/+0 2013-01-03mac80211: fix ibss scanningStanislaw Gruszka1-10/+24 2012-12-11Merge branch ‘for-john’ of git://git.sipsolutions.net/mac80211-nextJohn W. Linville1-1/+1 2012-12-10mac80211: a few whitespace fixesJohannes Berg1-1/+1 2012-12-06Merge branch ‘for-john’ of git://git.kernel.org/pub/scm/linux/kernel/git/jber…John W. Linville1-9/+12 2012-11-30mac80211: make ieee80211_build_preq_ies saferJohannes Berg1-9/+12 2012-11-26Merge branch ‘for-john’ of git://git.kernel.org/pub/scm/linux/kernel/git/jber…John W. Linville1-8/+1 2012-11-23cfg80211: use DS or HT operation IEs to determine BSS channelJohannes Berg1-8/+1 2012-11-21Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-1/+1 2012-10-31mac80211: init sched_scan_iesDavid Spinadel1-1/+1 2012-10-18mac80211: add support for tx to abort low priority scan requestsSam Leffler1-4/+17 2012-10-17mac80211: use channel contextsJohannes Berg1-2/+2 2012-10-16mac80211: track whether to use channel contextsJohannes Berg1-0/+4 2012-09-07net/mac80211/scan.c: removes unnecessary semicolonPeter Senna Tschudin1-1/+1 2012-09-06mac80211: don’t hang on to sched_scan_iesJohannes Berg1-25/+14 2012-09-06Merge remote-tracking branch ‘mac80211/master’ into mac80211-nextJohannes Berg1-2/+1 2012-08-20mac80211: pass channel to ieee80211_send_probe_reqJohannes Berg1-1/+2 2012-08-20mac80211: check operating channel in scanJohannes Berg1-5/+4 2012-07-30mac80211: don’t clear sched_scan_sdata on sched scan stop requestEliad Peller1-1/+0 2012-07-30Merge remote-tracking branch ‘wireless/master’ into mac80211Johannes Berg1-58/+65 2012-07-24mac80211: fix scan_sdata assignmentJohannes Berg1-1/+1 2012-07-20Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-54/+62 2012-07-12mac80211: add time synchronisation with BSS for assocJohannes Berg1-1/+2 2012-07-12mac80211: redesign scan RXJohannes Berg1-34/+23 2012-07-12mac80211: track scheduled scan virtual interfaceJohannes Berg1-10/+10 2012-07-12mac80211: make scan_sdata pointer usable with RCUJohannes Berg1-9/+24 2012-07-12mac80211: fix invalid band deref building preq IEsArik Nemtsov1-0/+3 2012-06-12Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-2/+2 2012-06-06mac80211: unify SW/offload remain-on-channelJohannes Berg1-2/+2 2012-06-04net: Remove casts to same typeJoe Perches1-2/+1 2012-05-09mac80211: Convert compare_ether_addr to ether_addr_equalJoe Perches1-1/+1 2012-04-23mac80211: Support on-channel scan option.Ben Greear1-26/+69 2012-04-13mac80211: remove ieee80211_rx_bss_getMohammed Shafi Shajakhan1-14/+0 2012-04-13mac80211: do not scan and monitor connection in parallelStanislaw Gruszka1-1/+28 2012-03-28mac80211: fix oper channel timestamp updationRajkumar Manoharan1-1/+1 2012-03-07mac80211: Filter duplicate IE idsPaul Stewart1-20/+51 2012-03-05mac80211: use compare_ether_addr on MAC addresses instead of memcmpFelix Fietkau1-1/+2 2012-01-05Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-1/+1 2012-01-04mac80211: fix scan state machineMohammed Shafi Shajakhan1-1/+1 2011-12-19net: fix assignment of 0/1 to bool variables.Rusty Russell1-1/+1 2011-11-30mac80211: revert on-channel work optimisationsJohannes Berg1-2/+2 2011-11-22Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/torval…John W. Linville1-0/+1 2011-11-11mac80211: simplify scan state machineJohannes Berg1-122/+77 2011-10-31net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modulesPaul Gortmaker1-0/+1 2011-10-25Merge branch ‘pm-for-linus’ of git://git.kernel.org/pub/scm/linux/kernel/git/…Linus Torvalds1-1/+1 2011-10-11mac80211: pass no-CCK flag through to HW scanJohannes Berg1-0/+1 2011-09-27mac80211: Send the management frame at requested rateRajkumar Manoharan1-1/+2 2011-08-25PM QoS: Move and rename the implementation filesJean Pihet1-1/+1 2011-07-19mac80211: implement scan supported ratesJohannes Berg1-3/+3 2011-07-11Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-1/+2 2011-07-07mac80211: fix ie memory allocation for scheduled scansLuciano Coelho1-1/+2 2011-06-27mac80211: Drop DS Channel PARAM in directed probePaul Stewart1-1/+2 2011-06-27mac80211: restrict advertised HW scan ratesJohannes Berg1-2/+3 2011-06-17mac80211: add cancel_hw_scan() callbackEliad Peller1-16/+21 2011-05-27mac80211: Remove duplicate linux/slab.h include from net/mac80211/scan.cJesper Juhl1-1/+0 2011-05-16mac80211: abort scan_work immediately when the device goes downRajkumar Manoharan1-0/+5 2011-05-12cfg80211/mac80211: avoid bounce back mac->cfg->mac on sched_scan_stoppedLuciano Coelho1-6/+27 2011-05-11mac80211: add support for HW scheduled scanLuciano Coelho1-0/+99 2011-05-10mac80211: don’t drop frames where skb->len < 24 in ieee80211_scan_rx()Luciano Coelho1-1/+1 2011-03-07mac80211: fix scan race, simplify codeJohannes Berg1-40/+24 2011-02-09mac80211: Ensure power-level set properly for scanning.Ben Greear1-1/+8 2011-02-09mac80211: Allow scanning on existing channel-type.Ben Greear1-4/+2 2011-02-04mac80211: Optimize scans on current operating channel.Ben Greear1-25/+63 2011-01-21cfg80211: Extend channel to frequency mapping for 802.11jBruno Randolf1-1/+2 2010-10-07mac80211: fix sw scan lockingJohannes Berg1-2/+1 2010-10-06mac80211: avoid uninitialized var warning in ieee80211_scan_cancelJohn W. Linville1-3/+4 2010-10-06mac80211: compete scan to cfg80211 if deferred scan fail to startStanislaw Gruszka1-0/+2 2010-10-06mac80211: do not requeue scan work when not neededStanislaw Gruszka1-12/+3 2010-10-06mac80211: assure we also cancel deferred scan requestStanislaw Gruszka1-10/+25 2010-10-06mac80211: keep lock when calling __ieee80211_scan_completed()Stanislaw Gruszka1-36/+39 2010-10-06mac80211: reduce number of __ieee80211_scan_completed callsStanislaw Gruszka1-22/+29 2010-09-24mac80211: Add DS Parameter Set into Probe Request on 2.4 GHzJouni Malinen1-1/+2 2010-09-24mac80211: Filter ProbeReq SuppRates based on TX rate maskJouni Malinen1-1/+1 2010-08-27mac80211: allow scan to complete from any contextJohannes Berg1-8/+26 2010-08-16mac80211: per interface idle notificationJohannes Berg1-0/+2 2010-08-16mac80211: unify scan and work mutexesJohannes Berg1-15/+15 2010-08-04mac80211: fix scan locking wrt. hw scanJohannes Berg1-14/+0 2010-07-29mac80211: allow drivers to request DTIM periodJohannes Berg1-0/+4 2010-07-28Revert "mac80211: fix sw scan bracketing"Luis R. Rodriguez1-2/+2 2010-06-21mac80211: Fix compile warning in scan.c.Gertjan van Wingerde1-1/+1 2010-06-18mac80211: fix sw scan bracketingJohannes Berg1-2/+2 2010-05-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6Linus Torvalds1-19/+107 2010-05-05Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-13/+40 2010-05-03mac80211: improve IBSS scanningJohannes Berg1-1/+27 2010-04-28mac80211: do not wip out old supported ratesStanislaw Gruszka1-10/+11 2010-04-27mac80211: give virtual interface to hw_scanJohannes Berg1-2/+2 2010-04-15Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-0/+2 2010-04-11Merge branch ‘master’ of master.kernel.org:/pub/scm/linux/kernel/git/davem/ne…David S. Miller1-0/+1 2010-04-08mac80211: enhance tracingJohannes Berg1-0/+2 2010-03-30include cleanup: Update gfp.h and slab.h includes to prepare for breaking imp…Tejun Heo1-0/+1 2010-03-09mac80211: Improve software scan timingHelmut Schaa1-6/+65 2010-02-08Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/linvil…John W. Linville1-8/+19 2010-02-08mac80211: fix deferred hardware scan requestsJohannes Berg1-8/+10 2010-01-26mac80211: wait for beacon before enabling powersaveJohannes Berg1-4/+0 2010-01-12mac80211: add U-APSD client supportKalle Valo1-0/+18 2010-01-12mac80211: fix a few work bugsJohannes Berg1-0/+1 2010-01-06Revert "mac80211: replace netif_tx_{start,stop,wake}_all_queues"John W. Linville1-5/+5 2010-01-05mac80211: No need to include WEXT headers hereJouni Malinen1-1/+0 2009-12-28mac80211: Generalize off-channel operation helpers from scan codeJouni Malinen1-150/+6
Related news
Red Hat Security Advisory 2024-1188-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution, denial of service, memory leak, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
Red Hat Security Advisory 2023-2148-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-2458-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user t...
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780
Categories: Android Categories: News Tags: 2023-01-01 Tags: 2023-01-05 Tags: Google Tags: Android Tags: CVE-2022-42719 Tags: CVE-2022-42720 Tags: CVE-2022-42721 Tags: mac80211 Tags: CVE-2022-41674 Tags: Qualcomm Tags: CVE-2022-22088 Google has published its first security bulletin of 2023 with details of vulnerabilities affecting Android devices. It includes fixes for 60 security issues. (Read more...) The post Google patches 60 vulnerabilities in first Android update of 2023 appeared first on Malwarebytes Labs.
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.
Ubuntu Security Notice 5752-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 5708-1 - Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5700-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5692-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5691-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5693-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.