CVE-2024-50264 vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans During loopback communication, a dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition. This issue is resolved ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from leaving a dangling sk pointer in the smccreate function...

PT-2024-8160 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability that can be exploited due to a dangling pointer dereference. This vulnerability may allow an attacker to elevate their...

DEBIAN-CVE-2024-50186

In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf-create fails We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b "net: do not leave a dangling sk pointer, when socket creation fails". The problem is that...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which originates in the nfsd module, where a race condition exists, leading to possible dangling pointer usage when releasi...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible dangling pointer use in the tapriodump function in the net module, which is fixed by adding an RC...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the KVM module, where the redistributor is not properly logged off when a virtual machine creation fails ...

SUSE-SU-2024:3852-1 Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005549 fixes several issues. The following security issues were fixed: - CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. - CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. - CVE-2024-35863: Fixed potential...

SUSE SLES15 Security Update : kernel (Live Patch 27 for SLE 15 SP4) (SUSE-SU-2024:3780-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3780-1 advisory. This update for the Linux Kernel 5.14.21-15040024122 fixes several issues. The following security issues were fixed: - CVE-2021-47598: schcake:...

SUSE SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP4) (SUSE-SU-2024:3643-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3643-1 advisory. This update for the Linux Kernel 5.14.21-1504002492 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed...

Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600237 fixes several issues. The following security issues were fixed: CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808...

SUSE CVE-2024-47666

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy-enablecompletion only when we wait for it pm8001phycontrol populates the enablecompletion pointer with a stack address, sends a PHYLINKRESET / PHYHARDRESET, waits 300 ms, and returns. The problem arises when...

DEBIAN-CVE-2024-47666

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy-enablecompletion only when we wait for it pm8001phycontrol populates the enablecompletion pointer with a stack address, sends a PHYLINKRESET / PHYHARDRESET, waits 300 ms, and returns. The problem arises when...

UBUNTU-CVE-2024-47666

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy-enablecompletion only when we wait for it pm8001phycontrol populates the enablecompletion pointer with a stack address, sends a PHYLINKRESET / PHYHARDRESET, waits 300 ms, and returns. The problem arises when...

kernel: net: do not leave a dangling sk pointer, when socket creation fails

A vulnerability was found in the Linux kernel's networking component in the sockrelease function, where a dangling pointer can occur when socket creation fails. This happens when a reference to the socket is not cleared, leading to a use-after-free condition...

kernel: net: do not leave a dangling sk pointer, when socket creation fails

A vulnerability was found in the Linux kernel's networking component in the sockrelease function, where a dangling pointer can occur when socket creation fails. This happens when a reference to the socket is not cleared, leading to a use-after-free condition...

Apache mod_isapi Dangling Pointer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modisapi Dangling Pointer', 'Description' = %q This module triggers a use-after-free vulnerability in the Apache Software Foundation...

kernel: net: do not leave a dangling sk pointer, when socket creation fails

A vulnerability was found in the Linux kernel's networking component in the sockrelease function, where a dangling pointer can occur when socket creation fails. This happens when a reference to the socket is not cleared, leading to a use-after-free condition...

SUSE CVE-2024-40937

In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi-skb before devkfreeskbany gverxfreeskb incorrectly leaves napi-skb referencing an skb after it is freed with devkfreeskbany. This can result in a subsequent call to napigetfrags returning a dangling pointer. Fix...

SUSE CVE-2024-40954

In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: attaching an fentry probe to sockrelease and the probe calling the bpfgetsocketcookie helper running traceroute -I...