771 matches found
UBUNTU-CVE-2021-46938
In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blkmqtagset in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blkmqtagset for the device fails, a followi...
CVE-2021-46938 dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blkmqtagset in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blkmqtagset for the device fails, a followi...
CVE-2021-46938
In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blkmqtagset in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blkmqtagset for the device fails, a followi...
Advisory ROSA-SA-2024-2355
Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2020-14339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability was discovered in libvirt that caused the /dev/mapper/control file descriptor to be exposed to...
CLSA-2024-1708094049 Fix of 8 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables: reject QUEUE/DROP verdict parameters CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-fr...
CLSA-2024-1708171186 Fix of 10 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-23849 - net/rds: Fix UBSAN: array-index-out-of-bounds in rdscmsgrecv CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables...
CLSA-2024-1708171036 Fix of 10 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-23849 - net/rds: Fix UBSAN: array-index-out-of-bounds in rdscmsgrecv CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables...
CLSA-2024-1708094944 Fix of 8 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables: reject QUEUE/DROP verdict parameters CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-fr...
AZL-33965 CVE-2024-23851 affecting package kernel for versions less than 5.15.153.1-1
copyparams in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INTMAX bytes, and crash, because of a missing paramkernel-datasize check. This is related to ctlioctl...
multipath-tools: Multiple Vulnerabilities
Background multipath-tools are used to drive the Device Mapper multipathing driver. Description Multiple vulnerabilities have been discovered in multipath-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
kernel: dm flakey: fix a crash with invalid table line
A flaw was identified in the device-mapper “dm flakey” target in the Linux kernel where invalid table line input can lead to a NULL pointer dereference. Specifically, when dmsetup is used with a malformed table line such as with the corruptbiobyte target and the argname pointer is NULL, the kerne...
kernel: dm cache: free background tracker's queued work in btracker_destroy
A memory leak was found in the device-mapper cache target in the Linux kernel. The btrackerdestroy function fails to free queued work items from the background tracker before destroying the slab cache. This triggers a BUG when kmemcacheshutdown finds objects still remaining...
kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos
A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...
kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos
A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...
kernel: dm flakey: don't corrupt the zero page
A flaw was found in the Linux kernel's dm-flakey device mapper target. When the corrupt bio writes option is enabled, dm-flakey can corrupt the kernel's global zero page. Since the zero page is shared system-wide and used by glibc's calloc implementation via mmap, corrupting it causes userspace...
kernel: dm stats: check for and propagate alloc_percpu failure
In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate allocpercpu failure Check allocprecpu's return value and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does. Otherwise, a NULL pointer dereference will occu...
kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos
A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...
kernel: dm flakey: fix a crash with invalid table line
A flaw was identified in the device-mapper “dm flakey” target in the Linux kernel where invalid table line input can lead to a NULL pointer dereference. Specifically, when dmsetup is used with a malformed table line such as with the corruptbiobyte target and the argname pointer is NULL, the kerne...
Rocky Linux 9 : device-mapper-multipath (RLSA-2022:8453)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8453 advisory. - A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjuncti...
kernel: LoadPin bypass via dm-verity table reload
A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...