CVE-2024-26870

CVE-2024-26870 describes a Linux kernel vulnerability in NFSv4.2 where listxattr could trigger a kernel BUG in mm/usercopy.c when size handling is incorrect. The connected Astra Linux entry mirrors the issue and provides a concrete fix: modify nfs4_listxattr() so that if size > 0 and the funct...

CVE-2024-26870 NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size 0, nfs4listxattr does not return an error because...

kernel: ext4: kernel bug in ext4_write_inline_data_end()

A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0...

SUSE CVE-2024-26805

In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in skbdatagramiter syzbot reported the following uninit-value access issue 1: netlinktofullskb creates a new skb and puts the skb-data passed as a 1st arg of netlinktofullskb onto new skb...

UBUNTU-CVE-2021-47217

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails Check for a valid hvvpindex array prior to derefencing hvvpindex when setting Hyper-V's TSC change callback. If Hyper-V setup failed in hypervinit, the kernel...

CVE-2024-26746

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Ensure safe user copy of completion record If CONFIGHARDENEDUSERCOPY is enabled, copying completion record from event log cache to user triggers a kernel bug. 1987.159822 usercopy: Kernel memory exposure attempt...

UBUNTU-CVE-2024-26783

In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeupkswapd with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been...

UBUNTU-CVE-2024-26746

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Ensure safe user copy of completion record If CONFIGHARDENEDUSERCOPY is enabled, copying completion record from event log cache to user triggers a kernel bug. 1987.159822 usercopy: Kernel memory exposure attempt...

CVE-2024-26746

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Ensure safe user copy of completion record If CONFIGHARDENEDUSERCOPY is enabled, copying completion record from event log cache to user triggers a kernel bug. 1987.159822 usercopy: Kernel memory exposure attempt...

CVE-2024-26709

A vulnerability was found in the spaprtceplatformiommuattachdev function in the Linux kernel, where a missing call to the iommugroupput function can lead to a reference count leak for IOMMU groups during DLPAR operations. This vulnerability could lead to kernel panics and instability...

CVE-2024-26746

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Ensure safe user copy of completion record If CONFIGHARDENEDUSERCOPY is enabled, copying completion record from event log cache to user triggers a kernel bug. 1987.159822 usercopy: Kernel memory exposure attempt...

CVE-2024-26726

CVE-2024-26726 : In the Linux kernel, a Btrfs bug could panic when writing the free-space inode because the extent map was dropped on a write error and then looked up again, yielding EXTENT_MAP_HOLE on a second pass. The fix removes dropping the extent_map range for the failed free-space cache wr...

CVE-2024-26687

CVE-2024-26687 concerns the Linux kernel xen/events subsystem. The issue arises from a lock-order inversion between irq_mapping_update_lock and irq_desc->lock in shutdown_pirq/startup_pirq paths, allowing race conditions where evtchn mappings can be torn down and re-established concurrently. S...

CVE-2024-26687

In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdownpirq and startuppirq are not taking the irqmappingupdatelock because they can't due to lock inversion. Both are called with the irqdesc-lock being taking. The lock order,...

kernel: ext4: kernel bug in ext4_write_inline_data_end()

A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2021-47145

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUGON in linktofixupdir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 1 SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ 305...

CVE-2021-47162 tipc: skb_linearize the head skb when reassembling msgs

In the Linux kernel, the following vulnerability has been resolved: tipc: skblinearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's fraglist if the fraglist already has skbs from elsewhere, such as this skb was created by pskbcopy where the fraglist w...

CVE-2021-47162

In the Linux kernel, the following vulnerability has been resolved: tipc: skblinearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's fraglist if the fraglist already has skbs from elsewhere, such as this skb was created by pskbcopy where the fraglist w...

CVE-2021-47162 tipc: skb_linearize the head skb when reassembling msgs

In the Linux kernel, the following vulnerability has been resolved: tipc: skblinearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's fraglist if the fraglist already has skbs from elsewhere, such as this skb was created by pskbcopy where the fraglist w...