Product:

Enterprise_linux

(Redhat)
Date Id Summary Products Score Patch Annotated
2022-11-08 CVE-2022-3821 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. Fedora, Enterprise_linux, Systemd 5.5
2022-11-22 CVE-2022-3500 A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. Fedora, Keylime, Enterprise_linux 5.1
2022-11-29 CVE-2022-4144 An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux 6.5
2023-01-27 CVE-2022-4285 An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. Fedora, Binutils, Enterprise_linux 5.5
2023-02-02 CVE-2022-3560 A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. Fedora, Pesign, Enterprise_linux 5.5
2023-02-15 CVE-2023-0361 A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data... Debian_linux, Fedora, Gnutls, Active_iq_unified_manager, Converged_systems_advisor_agent, Ontap_select_deploy_administration_utility, Enterprise_linux 7.4
2023-03-06 CVE-2022-3424 A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Linux_kernel, Enterprise_linux 7.8
2023-03-06 CVE-2022-3707 A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. Linux_kernel, Enterprise_linux 5.5
2023-03-23 CVE-2023-1513 A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. Fedora, Linux_kernel, Enterprise_linux 3.3
2023-03-27 CVE-2021-3923 A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. Fedora, Linux_kernel, Enterprise_linux 2.3