Athlon™ X4 Processor Security Vulnerabilities

CVE-2024-26879 clk: meson: Add missing clocks to axg_clk_regmaps

In the Linux kernel, the following vulnerability has been resolved: clk: meson: Add missing clocks to axg_clk_regmaps Some clocks were missing from axg_clk_regmaps, which caused kernel panic during cat /sys/kernel/debug/clk/clk_summary [ 57.349402] Unable to handle kernel NULL pointer...

CVE-2024-26877 crypto: xilinx - call finalize with bh disabled

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at...

CVE-2024-26879

In the Linux kernel, the following vulnerability has been resolved: clk: meson: Add missing clocks to axg_clk_regmaps Some clocks were missing from axg_clk_regmaps, which caused kernel panic during cat /sys/kernel/debug/clk/clk_summary [ 57.349402] Unable to handle kernel NULL pointer dereference.....

CVE-2024-26881

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is received on HIP08 devices The HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL, but the hardware can receive 1588 messages, and set the HNS3_RXD_TS_VLD_B bit, so,...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6725-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-2 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...

CVE-2024-26841

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Update cpu_sibling_map when disabling nonboot CPUs by defining & calling clear_cpu_sibling_map(), otherwise we get such errors on SMT systems: jump label: negative...

CVE-2024-26877

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at...

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ Version 11 and Apache Commons

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11, Apache Commons Compress and Apache Commons Configuration used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF2 has addressed the applicable CVEs by upgrading to non-vulnerable versions of these libraries. Please...

Spring Framework 6.2.0-M1: Overriding Beans in Tests

Spring Framework 6.2.0-M1 has been released, including changes that resolve more than one hundred issues. Among those are a range of new features in Spring's testing support. In this post, I’d like to walk you through one of these new testing features: Bean Overriding support. The previous state...

Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...

Security Bulletin: IBM® Db2® may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. (CVE-2021-20373)

Summary Db2 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. Vulnerability Details ** CVEID: CVE-2021-20373 DESCRIPTION: **IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable...

De-risk the Software Supply Chain by Expanding Unparalleled Detection Coverage With Qualys VMDR and Software Composition Analysis

QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than then they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders...

Security Bulletin: IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)

Summary IBM® Db2® is affected by a vulnerability in an open source library boost. Vulnerability Details ** CVEID: CVE-2012-2677 DESCRIPTION: **Boost is vulnerable to a buffer overflow, caused by improper bounds checking by the ordered_malloc() function. By persuading a victim to open a...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045)

Summary Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details ** CVEID: CVE-2023-22036 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow...

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)

Summary IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. Vulnerability Details ** CVEID: CVE-2023-38729 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to sensitive information disclosure when...

Radeon™ Driver for DirectX® 11 Shader Vulnerabilities

AMD ID:AMD-SB-6012 Potential Impact: Arbitrary Code Execution Severity: High Summary AMD has received a report from a researcher at Cisco Talos detailing two arbitrary write vulnerabilities in the AMD Radeon™ user mode driver for DirectX®...

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass Exploit

...

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

...

Mageia: Security Advisory (MGASA-2024-0103)

The remote host is missing an update for...

Disrupting AMD SEV-SNP on Linux® With Interrupts

AMD ID: AMD-SB-3008 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have shared with AMD a paper titled “Heckler: Disrupting AMD SEV-SNP with Interrupts.” In their paper, the researchers report that a malicious hypervisor can potentially break confidentiality and integrity.....

Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass Exploit

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint...

Security Advisory 0094

Security Advisory 0094 PDF Date: April 5, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release 1.1 | April 5, 2024 | Update required configuration for exploitation and mitigation Description Arista Networks is providing this security update in response to the...

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...

DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center and Server

This High severity net.minidev:json-smart Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This net.minidev:json-smart Dependency vulnerability, with....

Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass

...

Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit

Title: Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit Advisory ID: ZSL-2024-5813 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 04.04.2024 Summary The TRA7000 series is a set of products dedicated to broadcast,...

CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardwa...

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

Fedora: Security Advisory for pandoc (FEDORA-2024-b458482d48)

The remote host is missing an update for...

Fedora: Security Advisory for pandoc (FEDORA-2024-6ad6b9f417)

The remote host is missing an update for...

Security Advisory 0095

Security Advisory 0095 PDF Date: April 3, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-3094 CVSSv3.1 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Description Arista Networks is providing this...

Elasticsearch 8.4.0 < 8.11.1 DoS (ESA-2024-05)

The version of Elasticsearch installed on the remote host is between 8.4.0 and prior to 8.11.1. It is, therefore, affected by a denial of service (DoS) vulnerability, due to an uncaught exception that occurs when an encrypted PDF is passed to an attachment processor through the REST API. The...

CVE-2024-26768

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] With default config, the value of NR_CPUS is 64. When HW platform has more then 64 cpus, system will crash on these platforms. MAX_CORE_PIC is the maximum cpu....

Security Bulletin: NVIDIA CUDA Toolkit - April 2024

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update...

CVE-2024-26765

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order to silence such warnings (and also avoid potential errors due to unexpected interrupts): WARNING: CPU: 1....

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table. Vulnerability Details ** CVEID: CVE-2024-22360 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-27254 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server is vulnerable to denial of service with a...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2024-25046 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service by an authenticated user using a specially...

Security Bulletin: IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently (CVE-2023-52296)

Summary IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently. Vulnerability Details ** CVEID: CVE-2023-52296 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service when quering a...

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels &gt;= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels &lt;= v6.3. mce:...

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels &gt;= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels &lt;= v6.3. mce: [Hardwa...

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels &gt;= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels &lt;= v6.3. mce: [Hardwa...

CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order &gt; MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...

CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order &gt; MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...

CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order &gt; MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity...

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

CVE-2024-26675 ppp_async: limit MRU to 64K

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order &gt; MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...