Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-41218: git/torvalds/linux.git - Linux kernel source tree

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

CVE
#linux#git#auth#ssl

Age

Commit message (Expand)

Author

Files

Lines

2021-11-19

media: dvb-core: Convert to SPDX identifier

Cai Huoqing

1

-11/+1

2021-11-19

media: dmxdev: fix UAF when dvb_register_device() fails

Wang Hai

1

-3/+15

2021-06-09

media: dmxdev: change the check for problems allocing secfeed

Mauro Carvalho Chehab

1

-1/+1

2019-02-18

media: dvb-core: fix epoll() by calling poll_wait first

Hans Verkuil

1

-4/+4

2018-09-12

media: dvb: dmxdev: move compat_ioctl handling to dmxdev.c

Arnd Bergmann

1

-0/+1

2018-06-12

treewide: Use array_size() in vmalloc()

Kees Cook

1

-1/+2

2018-05-09

media: Revert cleanup ktime_set() usage

Jasmin Jessich

1

-1/+1

2018-02-23

media: dvb: update buffer mmaped flags and frame counter

Mauro Carvalho Chehab

1

-9/+15

2018-02-23

media: dmxdev: Fix the logic that enables DMA mmap support

Mauro Carvalho Chehab

1

-33/+42

2018-02-23

media: dmxdev: fix error code for invalid ioctls

Mauro Carvalho Chehab

1

-1/+1

2018-02-23

media: dvb: fix DVB_MMAP symbol name

Arnd Bergmann

1

-15/+15

2018-02-11

vfs: do bulk POLL* -> EPOLL* replacement

Linus Torvalds

1

-7/+7

2018-02-06

Merge tag ‘media/v4.16-2’ of git://git.kernel.org/pub/scm/linux/kernel/git/mc…

Linus Torvalds

1

-21/+211

2017-12-28

media: move dvb kAPI headers to include/media

Mauro Carvalho Chehab

1

-2/+2

2017-12-28

media: dvb-core: make DVB mmap API optional

Mauro Carvalho Chehab

1

-8/+58

2017-12-28

media: videobuf2: Add new uAPI for DVB streaming I/O

Satendra Singh Thakur

1

-28/+168

2017-11-27

media: annotate ->poll() instances

Al Viro

1

-4/+4

2017-10-31

media: dvb-core: Convert timers to use timer_setup()

Kees Cook

1

-5/+3

2017-09-05

media: get rid of removed DMX_GET_CAPS and DMX_SET_SOURCE leftovers

Mauro Carvalho Chehab

1

-20/+0

2017-09-05

media: dmx.h: split typedefs from structs

Mauro Carvalho Chehab

1

-2/+2

2017-02-03

[media] media: dvb: dmx: fixed coding style issues of spacing

devendra sharma

1

-5/+7

2017-01-27

[media] media: Drop FSF’s postal address from the source code files

Sakari Ailus

1

-4/+0

2016-12-25

ktime: Cleanup ktime_set() usage

Thomas Gleixner

1

-1/+1

2016-12-24

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

Linus Torvalds

1

-1/+1

2016-10-21

[media] dvb-core: get rid of demux optional circular buffer

Mauro Carvalho Chehab

1

-2/+2

2016-10-21

[media] dvb-core: use pr_foo() instead of printk()

Mauro Carvalho Chehab

1

-9/+15

2016-07-08

[media] dvb: use ktime_t for internal timeout

Arnd Bergmann

1

-1/+1

2016-01-11

[media] dvb: modify core to implement interfaces/entities at MC new gen

Mauro Carvalho Chehab

1

-2/+2

2015-10-06

[media] dvb: get rid of enum dmx_success

Mauro Carvalho Chehab

1

-4/+2

2015-10-06

[media] dvb: don’t keep support for undocumented features

Mauro Carvalho Chehab

1

-0/+4

2015-02-26

[media] dvb core: rename the media controller entities

Mauro Carvalho Chehab

1

-2/+2

2015-02-13

[media] dmxdev: add support for demux/dvr nodes at media controller

Mauro Carvalho Chehab

1

-3/+8

2014-09-03

[media] dmxdev: don’t use before checking file->private_data

Mauro Carvalho Chehab

1

-2/+1

2014-09-02

[media] media: check status of dmxdev->exit in poll functions of demux&dvr

Changbing Xiong

1

-1/+5

2014-09-02

[media] media: correct return value in dvb_demux_poll

Changbing Xiong

1

-1/+1

2013-10-24

dmxdev: get rid of pointless clearing ->f_op

Al Viro

1

-4/+0

2013-06-19

[media] media: dmxdev: remove dvb_ringbuffer_flush() on writer side

Soeren Moch

1

-6/+2

2013-04-08

[media] demux.h: Remove duplicated enum

Mauro Carvalho Chehab

1

-1/+1

2013-03-04

[media] mb86a20s: change AGC tuning parameters

Mauro Carvalho Chehab

1

-1/+2

2012-10-28

[media] dmxdev: fix a comparition of unsigned expression warning

Mauro Carvalho Chehab

1

-1/+1

2012-08-13

[media] dvb: move the dvb core one level up

Mauro Carvalho Chehab

1

-0/+1275

Related news

Red Hat Security Advisory 2023-3495-01

Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-3326-01

Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:2951: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...

RHSA-2023:2736: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user t...

Ubuntu Security Notice USN-6030-1

Ubuntu Security Notice 6030-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6024-1

Ubuntu Security Notice 6024-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6014-1

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-6009-1

Ubuntu Security Notice 6009-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6001-1

Ubuntu Security Notice 6001-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-6000-1

Ubuntu Security Notice 6000-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5991-1

Ubuntu Security Notice 5991-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5987-1

Ubuntu Security Notice 5987-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5981-1

Ubuntu Security Notice 5981-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5982-1

Ubuntu Security Notice 5982-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5951-1

Ubuntu Security Notice 5951-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5940-1

Ubuntu Security Notice 5940-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

CVE-2023-22436: en/security-disclosure/2023/2023-02.md · OpenHarmony/security - Gitee.com

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

Ubuntu Security Notice USN-5939-1

Ubuntu Security Notice 5939-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5934-1

Ubuntu Security Notice 5934-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5927-1

Ubuntu Security Notice 5927-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5924-1

Ubuntu Security Notice 5924-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5917-1

Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5915-1

Ubuntu Security Notice 5915-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907