kernel: net/mlx5: Add a timeout to acquire the command queue semaphore

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

CVE-2024-41940

A vulnerability has been identified in SINEC NMS All versions V3.0. The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges...

CVE-2024-41940

Siemens SINEC NMS (versions prior to 3.0) contains an input validation vulnerability in the privileged command queue. An authenticated attacker could exploit improper input validation to execute OS commands with elevated privileges, effectively compromising the device. Public risk scores indicate...

CVE-2024-41940

A vulnerability has been identified in SINEC NMS All versions V3.0. The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges...

CVE-2024-41079 nvmet: always initialize cqe.result

In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words aka results for the command queue entry need to be set to 0 when they are not used not specified. Though, the target implemention return...

CVE-2024-41079 nvmet: always initialize cqe.result

In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words aka results for the command queue entry need to be set to 0 when they are not used not specified. Though, the target implemention return...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uninitialized 0 in the result field of a command queue entry CQE when it is not in use, which could lead to...

CVE-2020-11640

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...

CVE-2020-11640

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...

CVE-2020-11640

ABB Advant MOD 300 AdvaBuild (versions 3.0–3.7 SP2) is affected by CVE-2020-11640 due to improper privilege management in the command queue. An attacker who gains access to the command queue can trigger execution of arbitrary executables on the AdvaBuild node, not limited to AdvaBuild utilities, ...

CVE-2020-11640 Elevation of Privilege

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...

CVE-2020-11640 Elevation of Privilege

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...

ABB Advant MOD 300 AdvaBuild 安全漏洞

ABB Advant MOD 300 AdvaBuild is an industrial control system from ABB Switzerland. A security vulnerability exists in ABB Advant MOD 300 AdvaBuild versions 3.0 through 3.7 SP2, which originates from the use of a command queue to initiate certain operations, and allows an attacker with access...

DEBIAN-CVE-2024-39492

In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Fix pmruntimegetsync warning in mbox shutdown The return value of pmruntimegetsync in cmdqmboxshutdown will return 1 when pm runtime state is active, and we don't want to get the warning message in this case. S...

DEBIAN-CVE-2024-38556

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

AZL-57841 CVE-2024-38556 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

UBUNTU-CVE-2024-38556

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

CVE-2024-38556

CVE-2024-38556 affects the Linux kernel net/mlx5 code. The vulnerability arises from how the command queue semaphore timeout handling can allow an entry to be processed before an index is allocated, risking an out-of-bounds access at idx = -22 if the completion path proceeds without proper synchr...

CVE-2024-38556

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

The vulnerability of the graphical driver of microprogramming software in Qualcomm’s embedded chips allows a hacker to execute arbitrary code.

The vulnerability of the graphical driver of embedded Qualcomm software lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code by destroying the context during the processing of objects in the KGSLGPUAUXCOMMANDTIMELINE queue...