CVE-2024-53104

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in...

Unspecified vulnerability in Linux kernel (CNVD-2024-46458)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a VM dma-resv lock release on xesyncinfenceget failure. No detailed vulnerability details are provided at th...

Unspecified vulnerability in Linux kernel (CNVD-2024-46457)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that stems from memory reuse after release. No details of the vulnerability are provided at this time...

Unspecified vulnerability in Linux kernel (CNVD-2024-46416)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that stems from a null pointer dereference. No details of the vulnerability are provided at this time...

USN-7121-2: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...

CVE-2024-50301

In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in keytaskpermission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in kuidval include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uideq include/linux/uidgid.h:63...

CVE-2024-50283 ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3preauthhashrsp ksmbdusersessionput should be called under smb3preauthhashrsp. It will avoid freeing session before calling smb3preauthhashrsp...

CVE-2023-52921 drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpucspass1 Since the gangsize check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang @VAR10CK of Baidu Security...

CVE-2024-50261 macsec: Fix use-after-free while sending the offloading packet

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

CVE-2024-50223

CVE-2024-50223: In Linux kernel sched/numa, a potential null pointer dereference in task_numa_work() could occur when a stress scenario unmapped a child address space, causing vma_next() to return NULL. The backtrace shows dereferencing a NULL vma in vma_migratable, leading to a crash. Root cause...

CVE-2024-50150 usb: typec: altmode should keep reference to parent

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a reference to it. When registering the altmode, get a reference to the parent and put it in the...

CVE-2024-50124 Bluetooth: ISO: Fix UAF on iso_sock_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on isosocktimeout conn-sk maybe have been unlinked/freed while waiting for isoconnlock so this checks if the conn-sk is still valid by checking if it part of isosklist...

LSN-0107-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass skb-sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...

LSN-0107-1 Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass skb-sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...

CVE-2024-50080 ublk: don't allow user copy for unprivileged device

In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLKFUSERCOPY requires userspace to call write on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivilege...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the nilfspalloccommitfreeentry function in the nilfs2 file system...

Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005552 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. CVE-2024-40954:...

USN-7020-4: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - SCSI drivers; - F2FS file system; - BPF subsystem; - IPv4 networking;...

Unspecified vulnerability in Linux kernel (CNVD-2024-40292)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that stems from a null pointer dereference. No details of the vulnerability are provided at this time...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: CVE-2023-6040 CVE-2024-26595 CVE-2024-26600 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605 CVE-2024-26638 CVE-2024-26645 CVE-2024-26665...