110 matches found
DEBIAN-CVE-2024-46704
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix spruious data race in flushwork When flushing a work item for cancellation, flushwork knows that it exclusively owns the work item through its PENDING bit. 134874e2eee9 "workqueue: Allow cancelworksync and...
CVE-2024-46704 workqueue: Fix spruious data race in __flush_work()
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix spruious data race in flushwork When flushing a work item for cancellation, flushwork knows that it exclusively owns the work item through its PENDING bit. 134874e2eee9 "workqueue: Allow cancelworksync and...
kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races in unixreleasesock/unixstreamsendmsg A data-race condition has been identified in afunix. In one data path, the write function unixreleasesock atomically writes to sk-skshutdown using WRITEONCE. However, on...
CVE-2024-41005
In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpollowneractive KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in netrxaction / netpollsendskb write marked to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: netrxaction...
CVE-2024-40953
In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on lastboostedvcpu in kvmvcpuonspin Use READ,WRITEONCE to access kvm-lastboostedvcpu to ensure the loads and stores are atomic. In the extremely unlikely scenario the compiler tears the stores, it's...
SUSE CVE-2024-39508
In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: Use setbit and testbit at worker-flags Utilize setbit and testbit on worker-flags within iouring/io-wq to address potential data races. The structure ioworker-flags may be accessed through various data paths, leadi...
CVE-2024-41005
In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpollowneractive KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in netrxaction / netpollsendskb write marked to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: netrxaction...
CVE-2024-39508
In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: Use setbit and testbit at worker-flags Utilize setbit and testbit on worker-flags within iouring/io-wq to address potential data races. The structure ioworker-flags may be accessed through various data paths, leadi...
CVE-2024-41005 netpoll: Fix race condition in netpoll_owner_active
In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpollowneractive KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in netrxaction / netpollsendskb write marked to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: netrxaction...
CVE-2024-41005
In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpollowneractive KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in netrxaction / netpollsendskb write marked to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: netrxaction...
CVE-2024-41005
CVE-2024-41005 involves a race in the Linux kernel netpoll code. The issue stems from netpoll_owner_active reading napi->poll_owner non-atomically to determine lock ownership, allowing a data race between net_rx_action and netpoll_send_skb. The fix replaces the non-atomic check with an atomic ...
CVE-2024-39508
CVE-2024-39508 affects the Linux kernel’s io_uring io-wq path. The advisory details data-race issues on io_worker->flags exposed under concurrency (io_worker_handle_work and io_wq_activate_free_worker) and shows that the fix refactors flag manipulation to atomic operations using set_bit() and ...
CVE-2024-39508 io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: Use setbit and testbit at worker-flags Utilize setbit and testbit on worker-flags within iouring/io-wq to address potential data races. The structure ioworker-flags may be accessed through various data paths, leadi...
CVE-2024-39508 io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: Use setbit and testbit at worker-flags Utilize setbit and testbit on worker-flags within iouring/io-wq to address potential data races. The structure ioworker-flags may be accessed through various data paths, leadi...
CVE-2024-38596
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races in unixreleasesock/unixstreamsendmsg A data-race condition has been identified in afunix. In one data path, the write function unixreleasesock atomically writes to sk-skshutdown using WRITEONCE. However, on...
CVE-2024-38596 af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races in unixreleasesock/unixstreamsendmsg A data-race condition has been identified in afunix. In one data path, the write function unixreleasesock atomically writes to sk-skshutdown using WRITEONCE. However, on...
CVE-2024-36938 bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in skpsockskbingressenqueue Fix NULL pointer data-races in skpsockskbingressenqueue which syzbot reported 1. 1 BUG: KCSAN: data-race in skpsockdrop / skpsockskbingressenqueue write to...
CVE-2024-36938 bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in skpsockskbingressenqueue Fix NULL pointer data-races in skpsockskbingressenqueue which syzbot reported 1. 1 BUG: KCSAN: data-race in skpsockdrop / skpsockskbingressenqueue write to...
DEBIAN-CVE-2022-48689
In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report 1 showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...
CVE-2022-48689
In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report 1 showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...