Medium: libuv

Issue Overview: libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to...

DEBIAN-CVE-2023-52508

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvmefciogetuuid The nvmefcfcpop structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvmefciogetuuid passing a...

SUSE CVE-2021-46969

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Fix invalid error returning in mhiqueue mhiqueue returns an error when the doorbell is not accessible in the current state. This can happen when the device is in non M0 state, like M3, and needs to be waken-up pri...

CVE-2023-52498 PM: sleep: Fix possible deadlocks in core system-wide PM code

In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume core code deadlocks, because asyncscheduledev executes its argument function synchronously if it...

USN-6651-3: Linux kernel (StarFive) vulnerabilities

It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...

USN-6647-2 linux-azure vulnerabilities

It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...

CLSA-2024-1709203515 kernel: Fix of 7 CVEs

KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...

CentOS 9 : libnbd-1.12.6-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libnbd-1.12.6-1.el9 build changelog. - A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly...

CentOS 9 : libnbd-1.12.5-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libnbd-1.12.5-1.el9 build changelog. - A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly...

Ubuntu: Security Advisory (USN-6653-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6651-2 linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5 vulnerabilities

It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...

USN-6666-1: libuv vulnerability

It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : libuv vulnerability (USN-6666-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6666-1 advisory. It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted...

UBUNTU-CVE-2021-46969

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Fix invalid error returning in mhiqueue mhiqueue returns an error when the doorbell is not accessible in the current state. This can happen when the device is in non M0 state, like M3, and needs to be waken-up pri...

CVE-2021-46935

In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...

CVE-2021-46935

In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...

CVE-2024-26605 PCI/ASPM: Fix deadlock when enabling ASPM

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep:...

FreeBSD : dns/c-ares -- malformatted file causes application crash (255bf44c-d298-11ee-9c27-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 255bf44c-d298-11ee-9c27-40b034429ecf advisory. - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuratio...

USN-6652-1: Linux kernel (Azure) vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

USN-6652-1 linux-azure vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...