CVE-2022-49064 cachefiles: unmark inode in use in error path

In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakage occurs in cachefilesopenfile, Cachefiles will complain "Inode already in use" when later another cookie with the...

CVE-2022-49064 cachefiles: unmark inode in use in error path

In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakage occurs in cachefilesopenfile, Cachefiles will complain "Inode already in use" when later another cookie with the...

CVE-2022-49062

The CVE-2022-49062 issue affects the Linux kernel component cachefiles, specifically a KASAN slab-out-of-bounds in cachefiles_set_volume_xattr. The bug arose when the code did not use the actual length of volume coherency data while setting the xattr, leading to an out-of-bounds write (noted in K...

CVE-2022-49062 cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefilessetvolumexattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in...

CVE-2022-49062

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefilessetvolumexattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in...

CVE-2022-49062 cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefilessetvolumexattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in...

CVE-2022-49062 cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefilessetvolumexattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from cachefilessetvolumexattr not properly using the actual length of the volume consistency data, which could le...

The vulnerability of the `cachefiles_ondemand_clean_object()` function (fs/cachefiles/ondemand.c) in the Linux kernel allows a malicious actor to exploit their privileges.

The vulnerability of the cachefilesondemandcleanobject function fs/cachefiles/ondemand.c in the Linux kernel is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges...

The vulnerability of the `cachefiles_ondemand_send_req()` function (fs/cachefiles/ondemand.c) in the Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the cachefilesondemandsendreq function fs/cachefiles/ondemand.c in the Linux kernel is related to incorrect resource locking. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the cachefiles component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the cachefiles component in the Linux operating system’s kernel is related to improper locking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “cachefiles”: requests are removed from xarray during flushing of requests. Even when the CACHEFILESDEAD flag is set, we can still read the requests. Therefore, in concurrent scenarios, a request may be accessed after it has been...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: fixed a slab-use-after-free in fscachewithdrawvolume We encountered the following issue during our fault injection stress test: ================================================================== BUG: KASAN:...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: Fixed the dentry leak in cachefilesopenfile. A dentry leak may occur when a lookup cookie and a cull operation are performed concurrently. P1 | P2 -----------------------------------------------------------...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Cyclic allocation of msgid to avoid reuse. Reusing the msgid after a maliciously completed reopen request may cause a read request to remain unprocessed, resulting in a hung task, as shown below: t1 | t2 | t3...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Wait for ondemandobjectworker to finish before dropping the object. When queuing ondemandobjectworker to re-open the object, cachefilesobject is not pinned. The cachefilesobject may be freed when the pending read...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: schmultiq: fix possible OOB write in multiqtune CVE-2024-36978 In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-40921: net: bridge: mst: pass vlan group directly to brmstvlansetstate bsc1227784. CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in brmstsetstate bsc1227781...

Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-40921: net: bridge: mst: pass vlan group directly to brmstvlansetstate bsc1227784. CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in brmstsetstate bsc1227781...