93 matches found
DEBIAN-CVE-2024-53086
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xesyncinfenceget failure in exec IOCTL Upon failure all locks need to be dropped before returning to the user. cherry picked from commit 7d1a4258e602ffdce529f56686925034c1b3b095...
CVE-2024-53086 drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xesyncinfenceget failure in exec IOCTL Upon failure all locks need to be dropped before returning to the user. cherry picked from commit 7d1a4258e602ffdce529f56686925034c1b3b095...
UBUNTU-CVE-2024-50210
In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...
SUSE CVE-2024-49965
In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove unreasonable unlock in ocfs2readblocks Patch series "Misc fixes for ocfs2readblocks", v5. This series contains 2 fixes for ocfs2readblocks. The first patch fix the issue reported by syzbot, which detects bad unlock...
SUSE CVE-2024-50060
In the Linux kernel, the following vulnerability has been resolved: iouring: check if we need to reschedule during overflow flush In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, it'll have a few entries. However, nothing obviously...
UBUNTU-CVE-2024-47676
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlbfault. This happens because vmfanonprepare could drop the per-VMA lock and allow the current VMA to be freed before hugetlbvmaunlockread is...
kernel: isdn: mISDN: Fix sleeping function called from invalid context
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card-isac.release function from an atomic context. Fix this by calling this function after releasing the lock. The following log reveals it:...
kernel: isdn: mISDN: Fix sleeping function called from invalid context
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card-isac.release function from an atomic context. Fix this by calling this function after releasing the lock. The following log reveals it:...
ALPINE-CVE-2024-31143
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or witho...
UBUNTU-CVE-2024-31143
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or witho...
CVE-2024-31143 double unlock in x86 guest IRQ handling
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or witho...
Xen: double unlock in x86 guest IRQ handling (XSA-458)
An optional feature of PCI MSI called 'Multiple Message' allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or witho...
SUSE CVE-2024-31143
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or witho...
PT-2024-23794
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns an optional feature of PCI MSI called "Multiple Message" that allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these...
DEBIAN-CVE-2021-47437
In the Linux kernel, the following vulnerability has been resolved: iio: adis16475: fix deadlock on frequency set With commit 39c024b51b560 "iio: adis16475: improve sync scale mode handling", two deadlocks were introduced: 1 The call to 'adiswritereg16' was not changed to it's unlocked version. 2...
UBUNTU-CVE-2021-47468
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card-isac.release function from an atomic context. Fix this by calling this function after releasing the lock. The following log reveals it:...
mariadb: compress_write() fails to release mutex on failure
In MariaDB before 10.9.2, compresswrite in extra/mariabackup/dscompress.cc does not release datamutex upon a stream write failure, which allows local users to trigger a deadlock...
Google Android 资源管理错误漏洞
Google Android is a Linux-based open source operating system from Google. A code execution vulnerability exists in Google Android, which stems from a mix-up in the OnWakelockReleased instruction responsible for freeing memory in the attributeprocessor.cc component, and can be exploited by an...
DEBIAN-CVE-2022-31621
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dsxbstream.cc, when an error occurs streamctxt-destfile == NULL while executing the method xbstreamopen, the held lock is not released correctly, which allows local users to trigger a denial of service due to the...
CVE-2022-31624
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/serveraudit/serveraudit.c method logstatementex, the held lock lockbigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock...