Ubuntu Security Notice 6625-3 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
52bdeffe5f0a9bcabf5888bdf230cc21b6b378f00b6361fdcb2347a717f725efUbuntu Security Notice 6625-2 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
b66fd333f93de3d51bd80224f8e2d3a19cbfc05e73e64ee252cbdbc53d94990cUbuntu Security Notice 6625-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
f216969201e4323ce6545b98d9b1f08db39bd8c3f06097ee0d2bd0d95e8ad152Ubuntu Security Notice 6604-2 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.
87adb9a0dd630857bb46668b561ed587d03265f1d69126841b1f12420169e7bcUbuntu Security Notice 6604-1 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.
d17c6353365258970841d80fc94ccc64beed6a1122b15a1bc1be29121160ed39Ubuntu Security Notice 6602-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.
e4ea46e063ed7320c58795d9803e3ac6d7fa5f331537b1801175adb5167bb09eUbuntu Security Notice 6577-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.
f5c75748cbd05864595b53a3d62429463f197d9429e3dc98c4eef18615631d48Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.
00bcf7d7f39e7957ade6ec3d65eccb58e969676ea0a1c77b50884d272960344fDebian Linux Security Advisory 5594-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
14c6c74cd19f5de7ddf98f535462c89656d00f4606e765c1a9e334df63a6e08fDebian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.
c60c03d128a6806b3f8d0e7cf027c5d53155058c8e252594daf8af61d204802dApple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.
0438f0a9537e5a05a2fce86952d5d7e45b1197dfffe609685a02eb3c1566aa69Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.
8a870ceb8e8b80fecb7bdf6531423f8e70b239e9839c50be042ab87d8f8c36d4Red Hat Security Advisory 2023-7676-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a man-in-the-middle vulnerability.
7309ba6c927129d683e74a7e01c0064fa834be170846be389601a6a7590466eaUbuntu Security Notice 6532-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
0cdb4aa760fab31533df80e24faf46d100f20dc5ee5242cc463797b7fe3e75e1Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
f60fcecace1faaeb9fc2bd6e186bb143ebb3802e541e9c577ab37e5ad12177f5Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
b8155c22b0aee7834c05ed29a1774d0847591054fd409c28e4a01741d747e025
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed