Product:

Enterprise_linux

(Redhat)
Date Id Summary Products Score Patch Annotated
2024-01-29 CVE-2023-40546 A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances. Fedora, Enterprise_linux, Shim 5.5
2024-01-29 CVE-2023-40549 An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. Fedora, Enterprise_linux, Shim 5.5
2024-01-29 CVE-2023-40550 An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. Fedora, Enterprise_linux, Shim 5.5
2024-01-29 CVE-2023-40551 A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase. Fedora, Enterprise_linux, Shim 5.1
2024-02-06 CVE-2024-1048 A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. Fedora, Grub2, Enterprise_linux 3.3
2023-07-25 CVE-2023-3773 A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. Debian_linux, Fedora, Linux_kernel, Enterprise_linux 4.4
2023-08-09 CVE-2023-4273 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. Debian_linux, Fedora, Linux_kernel, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux 6.7
2023-09-25 CVE-2023-5156 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. Glibc, Enterprise_linux 7.5
2023-11-16 CVE-2023-6121 An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Enterprise_linux 4.3
2023-11-16 CVE-2023-6176 A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. Linux_kernel, Enterprise_linux 4.7