3765 matches found
Ericsson RAN Compute and Site Controller 6610 Security Vulnerability
Ericsson RAN Compute and Site Controller 6610 is a computer and site controller from Ericsson Sweden. A security vulnerability exists in the Ericsson RAN Compute and Site Controller 6610 that originates from incorrect input validation and could lead to arbitrary code execution...
WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability
Remote File Inclusion vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin Compute Links versions <= 1.2.1...
WordPress Compute Links Plugin <= 1.2.1 is vulnerable to Remote File Inclusion
Software: Compute Links; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Remote File Inclusion; CVE: CVE-2024-43261; Patch priority: High; CVSS severity: High (9.6); PSID: 6b5b6ec353fd; Credits: YCInfosec; Required privilege: Unauthenticate...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-42076)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42076 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data ...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (openstack-nova) security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (openstack-nova) (RHSA-2024:5113)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5113 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a redundant and...
SUSE CVE-2024-26762
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...
CVE-2024-42082
In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init...
CVE-2024-42114 wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 "pkt_sched: fq: do not accept sill...
CVE-2024-42111 btrfs: always do the basic checks for btrfs_qgroup_inherit structure
In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure BUG Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of si...
CVE-2024-41097
In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb submitting...
AZL-48057 CVE-2024-41085 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address:...
UBUNTU-CVE-2024-41085
In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address:...
CVE-2024-42082
CVE-2024-42082 is a Linux kernel vulnerability where a syzkaller-triggered WARN was introduced in __xdp_reg_mem_model() when __mem_id_init_hash_table() failed. The issue arose only from memory allocation failure; a static const rhashtable_params prevented rhashtable_init() misconfiguration. The w...
CVE-2024-42082 xdp: Remove WARN() from __xdp_reg_mem_model()
In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that when the CXL subsystem automatically assembles the pmem region during cxl endpoint port probin...
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6918-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6918-1 advisory. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A...
USN-6911-1: Nova vulnerability
Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...
USN-6893-3: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. CVE-2024-24857, CVE-2024-24858, CVE-2024-24859 Several security issues we...