GSD-2023-1001995 drm/vmwgfx: Remove rcu locks from user resources

drm/vmwgfx: Remove rcu locks from user resources This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

GSD-2023-1001849 f2fs: initialize locks earlier in f2fs_fill_super()

f2fs: initialize locks earlier in f2fsfillsuper This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...

GSD-2023-1001703 drm/vmwgfx: Remove rcu locks from user resources

drm/vmwgfx: Remove rcu locks from user resources This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

PT-2023-34779 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7 Description: The issue concerns the removal of rcu locks from user resources in the drm/vmwgfx component. It was introduced in version v4.20 and is fixed in Linux Kernel version v6.1.7. The actual impact...

AZL-13229 CVE-2023-0266 affecting package kernel for versions less than 5.15.92.1-1

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past...

DEBIAN-CVE-2023-0266

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past...

CVE-2023-0266

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past...

The vulnerability of the filelock_init function in the locking mechanism (fs/locks.c) of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the filelockinit function in the locking mechanism fs/locks.c of the Linux kernel is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a perpetrator to cause a service failure...

Vdisk locks are not clearing after shutting down a target from the PVS console running in Azure

PVS on Azure - When shutting down a target from the PVS console or the Azure portal vdisk locks are not releasing properly...

GSD-2023-1000292 char: tpm: Protect tpm_pm_suspend with locks

char: tpm: Protect tpmpmsuspend with locks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.226 by commit...

GSD-2023-1000229 mm/khugepaged: take the right locks for page table retraction

mm/khugepaged: take the right locks for page table retraction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.159 by commit...

PT-2023-33310 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.158 Description: The issue concerns the protection of tpm pm suspend with locks. It was introduced in version v5.1 and is fixed in Linux Kernel version v5.10.158. The actual impact and attack plausibility...

CVE-2022-36443

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels wireless and SD card but it is still possible to use a physical connection Ethernet cable without restriction...

Unreleased locks cause the reward distribution to be flawed in BondNFT

Lines of code Vulnerability details Impact After a lock has expired, it doesn't get any rewards distributed to it. But, unreleased locks cause other existing bonds to not receive the full amount of tokens either. The issue is that as long as the bond is not released, the totalShares value isn't...

UBUNTU-CVE-2022-3996

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

PT-2022-36069 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue concerns the initialization of gfn to pfn cache locks in KVM. It was introduced in version v5.17 and fixed in Linux Kernel version v6.0.8. The actual impact and attack plausibility...

kernel: PM: core: keep irq flags in device_pm_check_callbacks()

In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in devicepmcheckcallbacks The function devicepmcheckcallbacks can be called under the spin lock in the reported case it happens from genpdadddevice - devpmdomainset, when the genpd uses spinlocks rather...

kernel: PM: core: keep irq flags in device_pm_check_callbacks()

In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in devicepmcheckcallbacks The function devicepmcheckcallbacks can be called under the spin lock in the reported case it happens from genpdadddevice - devpmdomainset, when the genpd uses spinlocks rather...

Improper Dependency Locking

JetBrains Kotlin is vulnerable to Improper Dependency Locking. The vulnerability exists in the internal function consumerApiUsage of KotlinUsages.kt because all files for configuration ':metadataCompileClasspath' cannot be resolved with gradle dependency locks which allows an attacker to modify t...

USN-5617-1: Xen vulnerabilities

It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use th...