Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: linuxKernel.packages.linux_zen.linux-gpib

Found 160 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2023-6176
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Kernel: local dos vulnerability in scatterwalk_copychunks

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

References

Affected products

kernel
  • *
kernel-rt
  • *

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-39191
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Kernel: ebpf: insufficient stack type checks in dynptr

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

References

Affected products

kernel
  • ==6.3-rc1
  • *
kernel-rt
  • *
kpatch-patch

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-4133
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Kernel: cxgb4: use-after-free in ch_flower_stats_cb()

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.

References

Affected products

kernel
  • ==6.3
  • *
kernel-rt
  • *

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-2860
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months, 1 week ago
Out-of-bounds read when setting hmac data

An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel.

References

Affected products

kernel
  • ==6.0-rc5
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-32248
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Tree connection null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

References

Affected products

kernel
  • ==6.4-rc1
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-4459
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup()

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.

References

Affected products

Kernel
  • ==5.18
kernel
  • *
kernel-rt
  • *

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-32252
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Session null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

References

Affected products

kernel
  • ==6.4-rc1
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-4273
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months, 1 week ago
Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.

References

Affected products

kernel
  • ==6.5-rc5
  • *
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-39198
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

References

Affected products

kernel
  • ==6.5-rc7
  • *
kernel-rt
  • *

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-0775
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Kernel: use-after-free while changing the mount option in __ext4_remount leading

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

References

Affected products

Kernel
  • ==6.4-rc2
kernel
  • <6.4-rc2
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers