exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2024-36016

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.

Related Files

Kernel Live Patch Security Notice LSN-0106-1
Posted Aug 20, 2024
Authored by Benjamin M. Romer

In the Linux kernel, vulnerabilities in netfilter, tls, and tty have been resolved.

tags | advisory, kernel, vulnerability
systems | linux
advisories | CVE-2023-52620, CVE-2024-26585, CVE-2024-36016
SHA-256 | 26f9dfe489d13089790305d8f67825c601335c35926cd154fac7a9ac2ed36d53
Ubuntu Security Notice USN-6956-1
Posted Aug 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6956-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52585, CVE-2023-52882, CVE-2024-25742, CVE-2024-26886, CVE-2024-26900, CVE-2024-26980, CVE-2024-27017, CVE-2024-27398, CVE-2024-27401, CVE-2024-35848, CVE-2024-35947, CVE-2024-36016, CVE-2024-36017, CVE-2024-36883
SHA-256 | f464d432d9b36ce1075f907239578c853edeab79402ddca247833a78cc930be9
Ubuntu Security Notice USN-6953-1
Posted Aug 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6953-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2021-47131, CVE-2022-48655, CVE-2022-48674, CVE-2023-52434, CVE-2023-52882, CVE-2024-26583, CVE-2024-26907, CVE-2024-27398, CVE-2024-27401, CVE-2024-33621, CVE-2024-35976, CVE-2024-36016, CVE-2024-36017, CVE-2024-36270
SHA-256 | b1ed67fee33b4917c2d819ae313e1d458b7c4e2db993a5cf83d2ec6c6b54d6dd
Ubuntu Security Notice USN-6921-1
Posted Jul 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6921-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2024-25742, CVE-2024-35997, CVE-2024-36008, CVE-2024-36016
SHA-256 | f21012d26bb2d7955b293ca300cc71afa2c6c54d91aeb2e68d7f99a4c54f7d37
Ubuntu Security Notice USN-6923-1
Posted Jul 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6923-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52752, CVE-2024-25742, CVE-2024-27017, CVE-2024-36016
SHA-256 | f1478e6fbfb5ae574e77c100a2ce319395b280eba6b7976833ad785e429368d6
Debian Security Advisory 5730-1
Posted Jul 16, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5730-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2022-43945, CVE-2022-48772, CVE-2024-25741, CVE-2024-26629, CVE-2024-27019, CVE-2024-31076, CVE-2024-33621, CVE-2024-33847, CVE-2024-34027, CVE-2024-35247, CVE-2024-36014, CVE-2024-36015, CVE-2024-36016, CVE-2024-36270
SHA-256 | 5695db9a181faca11e0a918e56356aebed3f6ade1f14c4e4d4d31b821067795a
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close