Enterprise Linux Power Big Endian Red Hat Enterprise Linux Power Big Endian

Do you want an email whenever new security vulnerabilities are reported in Red Hat Enterprise Linux Power Big Endian?

By the Year

In 2022 there have been 8 vulnerabilities in Red Hat Enterprise Linux Power Big Endian with an average score of 7.7 out of ten. Enterprise Linux Power Big Endian did not have any published security vulnerabilities last year. That is, 8 more vulnerabilities have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 8 7.74
2021 0 0.00
2020 0 0.00
2019 2 4.30
2018 0 0.00

It may take a day or so for new Enterprise Linux Power Big Endian vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Enterprise Linux Power Big Endian Security Vulnerabilities

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU

CVE-2022-0330 7.8 - High - March 25, 2022

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Improper Preservation of Permissions

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization

CVE-2021-3656 8.8 - High - March 04, 2022

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

AuthZ

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "

CVE-2021-44142 8.8 - High - February 21, 2022

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Out-of-bounds Read

A flaw was found in the way samba implemented SMB1 authentication

CVE-2016-2124 5.9 - Medium - February 18, 2022

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

authentification

A flaw was found in the way Samba maps domain users to local users

CVE-2020-25717 8.1 - High - February 18, 2022

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Improper Input Validation

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches

CVE-2021-4091 7.5 - High - February 18, 2022

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.

Double-free

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication

CVE-2020-25719 7.2 - High - February 18, 2022

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

authentification

A local privilege escalation vulnerability was found on polkit's pkexec utility

CVE-2021-4034 7.8 - High - January 28, 2022

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Memory Corruption

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free

CVE-2019-7317 5.3 - Medium - February 04, 2019

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Dangling pointer

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'

CVE-2018-16866 3.3 - Low - January 11, 2019

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Out-of-bounds Read

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might

CVE-2015-3405 7.5 - High - August 09, 2017

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Insufficient Entropy

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might

CVE-2015-3214 - August 31, 2015

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Buffer Overflow

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier

CVE-2015-5165 - August 12, 2015

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Use of Uninitialized Resource

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5

CVE-2012-2665 - August 06, 2012

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

Memory Corruption

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which

CVE-2007-6283 - December 18, 2007

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

Information Disclosure

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response

CVE-2006-5170 - October 10, 2006

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

Improper Handling of Exceptional Conditions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe