762 matches found

CVE
added 2024/12/27 2:50 p.m. · 1466 views

CVE-2024-56586

CVE-2024-56586 concerns the Linux kernel f2fs subsystem. The issue arises when unmounting a filesystem after a sequence that creates large files while checkpointing is disabled, which can exhaust free segments. This leads to a BUG_ON in f2fs_evict_inode() when the root inode is dirty at unm...

CVSS 5.5 · AI score 6.5 · EPSS 0.00008
Exploits 0 · References 9 · Affected Software 1

OSV
added 2024/12/27 2:15 p.m. · 1 views

DEBIAN-CVE-2024-53220

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required() It will trigger system panic w/ testcase in [1]: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace:...

CVSS 5.5 · AI score 5.6 · EPSS 0.00017
Exploits 0 · References 1

OSV
added 2024/12/27 2:15 p.m. · 0 views

UBUNTU-CVE-2024-53220

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required() It will trigger system panic w/ testcase in [1]: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace:...

CVSS 5.5 · AI score 6.2 · EPSS 0.00017
Exploits 0 · References 20

RedHat Linux
added 2024/12/12 12:57 a.m. · 2 views

cri-o: Checkpoint restore can be triggered from different namespaces

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...

CVSS 7.4 · AI score 5.8 · EPSS 0.0031
Exploits 0 · References 4

Veracode
added 2024/12/09 10:27 a.m. · 10 views

Improper Authorization

github.com/cri-o/cri-o is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation during container restoration, allowing a malicious user to restore a pod without proper access to host mounts by exploiting the checkpoint restore process...

CVSS 7.4 · AI score 6.6 · EPSS 0.0031
Exploits 0 · References 10 · Affected Software 1

GithubExploit
added 2024/12/07 11:25 a.m. · 532 views

Exploit for Deserialization of Untrusted Data in Huggingface Transformers

CVE-2024-11394 Hugging Face Transformers Trax Model Deseri...

CVSS 8.8 · AI score 9.4 · EPSS 0.65048
Exploits 1

OSV
added 2024/12/05 10:22 p.m. · 7 views

GHSA-JP26-88MW-89QR sigstore-java has a vulnerability with bundle verification

Summary: sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. Impact: This bug impacts clients using any variation of KeylessVerifier.verify. Currently checkpoints are only used to ensure the root hash of an inclusion proof was...

CVSS 2.1 · AI score 5.9 · EPSS 0.00178
Exploits 0 · References 5

NVD
added 2024/12/05 10:15 p.m. · 24 views

CVE-2024-54140

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...

CVSS 2.1 · EPSS 0.00178
Exploits 0 · References 3

Cvelist
added 2024/12/05 10:8 p.m. · 17 views

CVE-2024-54140 sigstore-java has a vulnerability with bundle verification

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...

CVSS 2.1 · EPSS 0.00178
Exploits 0 · References 3

OSV
added 2024/12/05 10:8 p.m. · 5 views

CVE-2024-54140 sigstore-java has a vulnerability with bundle verification

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...

CVSS 2.1 · AI score 6.5 · EPSS 0.00178
Exploits 0 · References 5

Positive Technologies
added 2024/12/05 12:0 a.m. · 2 views

PT-2024-36069 · Unknown · Sigstore-Java

Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to 1.2.0. Description: The issue is related to insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This affects clients using any variation of...

CVSS 2.1 · AI score 7 · EPSS 0.00178
Exploits 0 · References 10

OSV
added 2024/12/04 4:25 p.m. · 15 views

GO-2024-3292 CRI-O: Maliciously structured checkpoint file can gain arbitrary node access in github.com/cri-o/cri-o

CRI-O: Maliciously structured checkpoint file can gain arbitrary node access in github.com/cri-o/cri-o...

CVSS 7.4 · AI score 7.5 · EPSS 0.0031
Exploits 0 · References 5

SUSE CVE
added 2024/11/28 4:9 a.m. · 1 views

SUSE CVE-2024-8676

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...

CVSS 7.4 · AI score 6.7 · EPSS 0.0031
Exploits 0 · References 4

Github Security Blog
added 2024/11/26 9:50 p.m. · 13 views

CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

Impact. Patches: 1.31.1, 1.30.6, 1.29.8. Workarounds: set enable_criu_support = false. References: Are there any links users can visit to find out more?...

CVSS 7.4 · AI score 7.2 · EPSS 0.0031
Exploits 0 · References 12 · Affected Software 1

OSV
added 2024/11/26 9:50 p.m. · 15 views

GHSA-7P9F-6X8J-GXXP CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

Impact. Patches: 1.31.1, 1.30.6, 1.29.8. Workarounds: set enable_criu_support = false. References: Are there any links users can visit to find out more?...

CVSS 9.1 · AI score 7.2 · EPSS 0.0031
Exploits 0 · References 12

OSV
added 2024/11/26 8:15 p.m. · 1 views

AZL-53540 CVE-2024-8676 affecting package cri-o 1.30.1-1

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...

CVSS 7.4 · AI score 5.8 · EPSS 0.0031
Exploits 0 · References 1

Cvelist
added 2024/11/26 7:15 p.m. · 14 views

CVE-2024-8676 Cri-o: checkpoint restore can be triggered from different namespaces

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...

CVSS 7.4 · EPSS 0.0031
Exploits 0 · References 8

Cvelist
added 2024/10/21 11:53 a.m. · 14 views

CVE-2024-47690 f2fs: get rid of online repaire on corrupted directory

In the Linux kernel, the following vulnerability has been resolved: f2fs: get rid of online repaire on corrupted directory syzbot reports a f2fs bug as below: kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704...

EPSS 0.00013
Exploits 0 · References 6

Positive Technologies
added 2024/10/15 12:0 a.m. · 2 views

PT-2024-35668

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to the f2fs file system in the Linux kernel. It can trigger a system panic when checkpoint disabling and lfs mode are both enabled, causing incorrect accounting of...

CVSS 5.5 · AI score 5.5 · EPSS 0.00017
Exploits 0

CVE
added 2024/10/09 2:14 p.m. · 109 views

CVE-2024-47669

CVE-2024-47669 involves the Linux kernel nilfs2 write path. After a694291a6211, two error-path flaws could leave writeback flags uncleared and inodes with NILFS_I_COLLECTED set, causing writeback hangs or potential data non-write during checkpointing. The fix applies a uniform call to nilfs_segct...

CVSS 5.5 · AI score 5.2 · EPSS 0.00021
Exploits 0 · References 9 · Affected Software 1