Количество 16
Количество 16
CVE-2024-43873
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features
CVE-2024-43873
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features
CVE-2024-43873
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features
CVE-2024-43873
CVE-2024-43873
In the Linux kernel, the following vulnerability has been resolved: v ...
GHSA-rjp6-gjq7-25v6
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features
BDU:2024-08071
Уязвимость функции seqpacket_allow() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
ROS-20250205-02
Множественные уязвимости kernel-lt
ELSA-2024-12815
ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT)
SUSE-SU-2024:3209-1
Security update for the Linux Kernel
SUSE-SU-2024:3190-1
Security update for the Linux Kernel
SUSE-SU-2024:3483-1
Security update for the Linux Kernel
ELSA-2025-6966
ELSA-2025-6966: kernel security update (MODERATE)
SUSE-SU-2024:3195-1
Security update for the Linux Kernel
SUSE-SU-2024:3383-1
Security update for the Linux Kernel
SUSE-SU-2024:3194-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-43873 In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features | CVSS3: 7.8 | 0% Низкий | 10 месяцев назад |
 | CVE-2024-43873 In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features | CVSS3: 7.1 | 0% Низкий | 10 месяцев назад |
 | CVE-2024-43873 In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features | CVSS3: 7.8 | 0% Низкий | 10 месяцев назад |
 | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад | |
| CVE-2024-43873 In the Linux kernel, the following vulnerability has been resolved: v ... | CVSS3: 7.8 | 0% Низкий | 10 месяцев назад |
| GHSA-rjp6-gjq7-25v6 In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features | CVSS3: 7.8 | 0% Низкий | 10 месяцев назад |
 | BDU:2024-08071 Уязвимость функции seqpacket_allow() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | ROS-20250205-02 Множественные уязвимости kernel-lt | CVSS3: 7.8 | 4 месяца назад | |
| ELSA-2024-12815 ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT) | 7 месяцев назад | ||
 | SUSE-SU-2024:3209-1 Security update for the Linux Kernel | 9 месяцев назад | ||
| SUSE-SU-2024:3190-1 Security update for the Linux Kernel | 9 месяцев назад | ||
| SUSE-SU-2024:3483-1 Security update for the Linux Kernel | 9 месяцев назад | ||
| ELSA-2025-6966 ELSA-2025-6966: kernel security update (MODERATE) | около 1 месяца назад | ||
| SUSE-SU-2024:3195-1 Security update for the Linux Kernel | 9 месяцев назад | ||
| SUSE-SU-2024:3383-1 Security update for the Linux Kernel | 9 месяцев назад | ||
| SUSE-SU-2024:3194-1 Security update for the Linux Kernel | 9 месяцев назад |
Уязвимостей на страницу