65 matches found
kernel: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling
In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxlnvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address:...
SUSE CVE-2024-49934
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
CVE-2024-49934
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
AZL-52972 CVE-2024-49934 affecting package kernel for versions less than 6.6.64.2-9
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
DEBIAN-CVE-2024-49934
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
AZL-52906 CVE-2024-49934 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
UBUNTU-CVE-2024-49934
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
CVE-2024-49934 fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
CVE-2024-49934
CVE-2024-49934: Linux kernel fault in fs/inode dump_mapping() when dumping mappings can access an invalid dentry.d_name.name during memory hot-remove, causing a crash. The advisory explains the root cause and notes a safer approach to retrieve the filename without relying on %pd, acknowledging th...
PT-2024-33776
Name of the Vulnerable Software and Affected Versions: Linux kernel version 6.10.0-rc2-lizhijian+ Description: A crash occurs during hot-remove of a memory device when a user is accessing the hugetlb, due to dump mapping accessing an invalid dentry.d name.name. The issue arises because dump mappi...
kernel: cxl/port: Fix delete_endpoint() vs parent unregistration race
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...
SUSE CVE-2024-26762
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrectly assuming that the endpoint mappings found are also part of a fully assembled region when looking...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that when the CXL subsystem automatically assembles the pmem region during cxl endpoint port probin...
SUSE CVE-2023-52771
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...
DEBIAN-CVE-2024-26762
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...
CVE-2024-26762
In CVE-2024-26762, the Linux kernel patch fixes a CXL error-handling path where the CXL.mem device detach flow could lead to a crash during AER handling. Specifically, the code previously reaped RAS status registers after unbinding the memdev, which could crash on a subsequent AER notification wh...
USN-6572-1 linux-azure vulnerabilities
Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Bien Pham discovered that the netfiler subsystem in the Linux...
CVE-2022-4172
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table ERST device of QEMU in the readerstrecord and writeerstrecord functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could...
DEBIAN-CVE-2022-2085
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an initdeviceprocs defined for the device that uses it as a prototype that depends upon the number of bits per...