6497 matches found

Amazon
added 2024/10/14 12:0 a.m. · 6 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization CVE-2024-46713 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd CVE-2024-46734 In the...

7.8 CVSS · 8 AI score · 0.00299 EPSS
Exploits: 0

Microsoft CVE
added 2024/10/12 7:0 a.m. · 2 views

of/irq: Prevent device address out-of-bounds read in interrupt map walk

...

7.1 CVSS · 6.7 AI score · 0.00295 EPSS
Exploits: 0

RustSec
added 2024/10/11 12:0 p.m. · 4 views

Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicity checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

7.1 AI score
Exploits: 0 · Affected Software: 1

OSV
added 2024/10/10 6:12 p.m. · 5 views

CLSA-2024-1728583928 Fix of 18 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-46802 - drm/amd/display: added NULL check at start of dc_validate_stream CVE-url: https://ubuntu.com/security/CVE-2024-46818 - drm/amd/display: fix sporadic multiple aux transaction failure - drm/amd/display: Check gpio_id before used as array index...

7.8 CVSS · 6.8 AI score · 0.00299 EPSS
Exploits: 0 · References: 1

OSV
added 2024/10/10 6:6 p.m. · 7 views

CLSA-2024-1728583613 Fix of 18 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-46802 - drm/amd/display: added NULL check at start of dc_validate_stream CVE-url: https://ubuntu.com/security/CVE-2024-46818 - drm/amd/display: fix sporadic multiple aux transaction failure - drm/amd/display: Check gpio_id before used as array index...

7.8 CVSS · 6.8 AI score · 0.00299 EPSS
Exploits: 0 · References: 1

Schneier on Security
added 2024/10/10 11:0 a.m. · 12 views

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs's privacy policy--available elsewhere in the app--allows for blanket...

7.2 AI score
Exploits: 0

Positive Technologies
added 2024/10/08 12:0 a.m. · 4 views

PT-2024-40596 · Git +1 · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash occurred due to an unknown read issue. The crash state involves functions such as cfl_sds_len, unpack_meta_opts, and cmt_mpack_unpack_map. No...

6.9 AI score
Exploits: 0 · References: 2

Tenable Nessus
added 2024/10/08 12:0 a.m. · 38 views

CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2023-52447)

The version of hyperv-daemons / kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52447 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of...

6.7 CVSS · 6.3 AI score · 0.00248 EPSS
Exploits: 0 · References: 2

NVD
added 2024/10/07 1:15 p.m. · 10 views

CVE-2024-23379

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario...

6.7 CVSS · 0.0011 EPSS
Exploits: 0 · References: 1

CVE
added 2024/10/07 12:58 p.m. · 48 views

CVE-2024-23379

CVE-2024-23379 concerns a memory corruption/double-free issue in Qualcomm DSP/Fastrpc services where two threads can free the same fastrpc map during unmapping, leading to memory corruption. Affected component: DSP Services/Fastrpc on Qualcomm chipsets. Root cause: concurrent unmapping frees the ...

6.7 CVSS · 6.8 AI score · 0.0011 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

ATTACKERKB
added 2024/10/07 12:0 a.m. · 26 views

CVE-2024-43047

Memory corruption while maintaining memory maps of HLOS memory. Recent assessments: Assessed Attacker Value: 0...

7.8 CVSS · 7.3 AI score · 0.00673 EPSS
In wild · Exploits: 0 · References: 2

Positive Technologies
added 2024/10/07 12:0 a.m. · 5 views

PT-2024-19854 · Fastrpc · Fastrpc

Name of the Vulnerable Software and Affected Versions: Fastrpc affected versions not specified Description: The issue is related to memory corruption that occurs when two threads attempt to free the same map in a concurrent scenario while unmapping the fastrpc map. Recommendations: At the moment,...

6.7 CVSS · 7.1 AI score · 0.0011 EPSS
Exploits: 0 · References: 5

Schneier on Security
added 2024/10/04 9:7 p.m. · 8 views

Friday Squid Blogging: Map of All Colossal Squid Sightings

Interesting map, from this paper. Blog moderation policy...

7.3 AI score
Exploits: 0

Positive Technologies
added 2024/10/03 12:0 a.m. · 5 views

PT-2024-10113 · Zabbix +4 · Zabbix +4

Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 7.0.3 Description: The issue is related to insufficient input validation in the Zabbix universal monitoring system. This can allow a remote attacker to elevate their privileges. When a URL is added to the map element,...

9.9 CVSS · 5.6 AI score · 0.78831 EPSS
Exploits: 15 · References: 120

Positive Technologies
added 2024/10/02 12:0 a.m. · 6 views

PT-2024-34047

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A flaw in the Linux kernel has been fixed, related to improved error handling in the udf_extend_file function. The inode_bmap function was refactored to handle errors since udf_next_aext can...

3.3 CVSS · 5.4 AI score · 0.002 EPSS
Exploits: 0

OSV
added 2024/10/01 10:27 p.m. · 13 views

GHSA-X8GM-J36P-FPPF LibreNMS vulnerable to Stored Cross-site Scripting via File Upload

Summary: Stored Cross-Site Scripting (XSS) can be achieved via uploading a new Background for a Custom Map. Details: Users with "admin" role can set background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which will trigger onload. This led to Stored Cross-Site Scripti...

4.8 CVSS · 4.9 AI score · 0.00377 EPSS
Exploits: 1 · References: 4

Github Security Blog
added 2024/10/01 10:27 p.m. · 26 views

LibreNMS vulnerable to Stored Cross-site Scripting via File Upload

Summary: Stored Cross-Site Scripting (XSS) can be achieved via uploading a new Background for a Custom Map. Details: Users with "admin" role can set background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which will trigger onload. This led to Stored Cross-Site Scripti...

4.8 CVSS · 5.3 AI score · 0.00377 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/10/01 6:13 p.m. · 13 views

GHSA-4F8R-QQR9-FQ8J Incorrect delegation lookups can make go-tuf download the wrong artifact

During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...

8.7 CVSS · 9.3 AI score · 0.00486 EPSS
Exploits: 0 · References: 8

OSV
added 2024/09/27 7:15 a.m. · 4 views

CVE-2024-8991

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 6 AI score · 0.00378 EPSS
Exploits: 0 · References: 7

Patchstack
added 2024/09/27 1:28 a.m. · 3 views

WordPress OSM plugin <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes vulnerability discovered by Peter Thaleikis in WordPress Plugin OSM versions <= 6.1.0...

6.4 CVSS · 5.8 AI score · 0.00378 EPSS
Exploits: 0 · References: 1 · Affected Software: 1