EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2394)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : kernel:ACPI: CPPC: Use accesswidth over bitwidth for system memory accessesCVE-2024-35995 ACPI: LPIT: Avoid u32 multiplication...

CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...

UBUNTU-CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had...

CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had...

CVE-2024-42290

In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clkprepare. However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping function...

CVE-2024-42313

A use-after-free vulnerability was found in the Linux kernel. The firmware can add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free. This issue could allo...

SUSE CVE-2024-42290

In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clkprepare. However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping function...

SUSE CVE-2024-42313

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with vdecclose. The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly...

AZL-48012 CVE-2024-42313 affecting package kernel for versions less than 6.6.47.1-1

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with vdecclose. The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly...

CVE-2024-42290

In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clkprepare. However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping function...

DEBIAN-CVE-2024-42290

In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clkprepare. However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping function...

CVE-2024-42313 media: venus: fix use after free in vdec_close

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with vdecclose. The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly...

CVE-2024-42313 media: venus: fix use after free in vdec_close

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with vdecclose. The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly...

CVE-2024-42290 irqchip/imx-irqsteer: Handle runtime power management correctly

In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clkprepare. However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping function...

PT-2024-32255

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the usbnet: ipheth section in the Linux kernel, where RX callbacks can fail due to multiple reasons such as payload being too short, payload formatted incorrectly...

CVE-2024-41092 drm/i915/gt: Fix potential UAF by revoke of fence registers

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915selftest@live@hangcheck on ADL-P and similar machines: 414.049203 i915: Running...

CVE-2024-41092 drm/i915/gt: Fix potential UAF by revoke of fence registers

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915selftest@live@hangcheck on ADL-P and similar machines: 414.049203 i915: Running...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in bpftimercancelandfree, where a deadlock may occur if two timer callbacks attempt to cancel each other, or...

PT-2024-37743 · WordPress · The Ultimate Wordpress Auction Plugin

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Auction Plugin versions prior to 4.2.7 Description: The issue allows unauthorized email creation and sending due to a missing capability check on the send auction email callback and resend auction email callback...

WordPress plugin Ultimate WordPress Auction Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...