kernel: selinux,smack: don't bypass permissions check in inode_setsecctx hook

In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inodesetsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...

kernel: filelock: fix potential use-after-free in posix_lock_inode

A use-after-free vulnerability was found in the Linux kernel in traceposixlockinode. This issue occurred when the request pointer was changed to point to a lock entry added to the inode's list. Before the tracepoint could fire, another task raced in and freed the lock...

CVE-2024-53143

In the Linux kernel, the following vulnerability has been resolved: fsnotify: Fix ordering of iput and watchedobjects decrement Ensure the superblock is kept alive until we're done with iput. Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotif...

DEBIAN-CVE-2024-53143

In the Linux kernel, the following vulnerability has been resolved: fsnotify: Fix ordering of iput and watchedobjects decrement Ensure the superblock is kept alive until we're done with iput. Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotif...

CVE-2024-53143 fsnotify: Fix ordering of iput() and watched_objects decrement

In the Linux kernel, the following vulnerability has been resolved: fsnotify: Fix ordering of iput and watchedobjects decrement Ensure the superblock is kept alive until we're done with iput. Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotif...

CVE-2024-53143

CVE-2024-53143 affects the Linux kernel’s fsnotify path, fixing an ordering issue where iput() must complete before decrementing the watched_objects count. The patch ensures the superblock remains alive until iput() is done, preventing a potential use-after-free (UAF) of sb->s_fs_info in tmpfs...

CVE-2024-53112

In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: ? diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ?...

CVE-2024-53112 ocfs2: uncache inode which has failed entering the group

In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: ? diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ?...

CVE-2024-53112

CVE-2024-53112 affects the Linux kernel via the OCFS2 group add path. The issue occurs when ioctl(OCFS2_IOC_GROUP_ADD, …) fails for an inode; the corresponding buffer head remains cached and a subsequent ioctl triggers a BUG in ocfs2_set_new_buffer_uptodate() while caching the same buffer head. T...

CVE-2024-53112

In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: ? diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ?...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an inode in the ocfs2 component not being removed from the cache when joining a group fails, resulting in a...

The vulnerability of the isofs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the isofs component in the Linux operating system’s kernel is related to reading data beyond the allowed range in memory for the isofsread inode function. Exploiting this vulnerability can allow an attacker to cause a service failure...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: filelock: A potential “use-after-free” issue was fixed in posixlockinode. Light Hsieh reported a KASAN UAF warning in traceposixlockinode. The request pointer was previously changed to point to a lock entry that was added to t...

CVE-2024-50243

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in runismappedfull Fixed deleating of a non-resident attribute in ntfscreateinode rollback...

OESA-2024-2426 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcsgetfunction pinmuxgenericgetfunction can return NULL and the pointer 'function' was dereferenced without...

OESA-2024-2425 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcsgetfunction pinmuxgenericgetfunction can return NULL and the pointer 'function' was dereferenced without...

OESA-2024-2424 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcsgetfunction pinmuxgenericgetfunction can return NULL and the pointer 'function' was dereferenced without...

CLSA-2024-1731603213 Fix of 76 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-44946 - kcm: Serialise kcmsendmsg for the same socket. CVE-url: https://ubuntu.com/security/CVE-2024-42292 - kobjectuevent: Fix OOB access within zapmodaliasenv CVE-url: https://ubuntu.com/security/CVE-2024-41042 - netfilter: nftables: prefer...

kernel: ipc: fix memory leak in init_mqueue_fs()

In the Linux kernel, the following vulnerability has been resolved: ipc: fix memory leak in initmqueuefs When setupmqsysctls failed in initmqueuefs, mqueueinodecachep is not released. In order to fix this issue, the release path is reordered...

kernel: filelock: fix potential use-after-free in posix_lock_inode

A use-after-free vulnerability was found in the Linux kernel in traceposixlockinode. This issue occurred when the request pointer was changed to point to a lock entry added to the inode's list. Before the tracepoint could fire, another task raced in and freed the lock...