Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition during the handling of smb2 session logout and setup, which could lead to memory reuse afte...

Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001011 fixes one issue. The following security issue was fixed: CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

The vulnerability in the `usb_remote_smb_conf.cgi` script of NETGEAR XR1000 Wi-Fi routers allows a hacker to execute arbitrary commands.

The vulnerability in the usbremotesmbconf.cgi script of NETGEAR XR1000 Wi-Fi routers lies in the lack of measures for sanitizing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the sharename parameter...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a crash due to post-release reuse when the smb client performs asynchronous decryption...

CVE-2024-46796

...

CVE-2022-32742

...

CVE-2021-43566

...

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts...

UBUNTU-CVE-2024-46742

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of leasectxinfo in smb2open null-ptr-deref will occur when reqoplevel == SMB2OPLOCKLEVELLEASE and parseleasestate return NULL. Fix this by check if 'leasectxinfo' is NULL. Additionally,...

AZL-49288 CVE-2024-46686 affecting package kernel for versions less than 6.6.51.1-1

In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2newreadreq This happens when called from SMB2read while using rdma and reaching the rdmareadwritethreshold...

The vulnerability of the cifs_free_subrequest() function in Linux operating system kernels allows a hacker to compromise the accessibility of protected information.

The vulnerability of the cifsfreesubrequest function in SMB client kernels of Linux operating systems is related to errors in pointer manipulation when processing the ops field. Exploiting this vulnerability can allow an attacker to compromise the accessibility of protected information...

Open Policy Agent 安全漏洞

Open Policy Agent OPA is an open source, general-purpose policy engine from Open Policy Agent Open Source that enables unified, context-aware policy enforcement across the stack. A security vulnerability exists in Open Policy Agent versions prior to v0.68.0 that stems from improper input validati...

DEBIAN-CVE-2022-48919

In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifsgetroot When cifsgetroot fails during cifssmb3domount we call deactivatelockedsuper which eventually will call delayedfree which will free the context. In this situation we shoul...

USN-6950-4 linux-hwe-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - Block layer subsystem; - Bluetooth drivers; - Clock framework and...

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts...

PT-2024-5951 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a possible NULL dereference in the cifs free subrequest function of the Linux kernel's SMB client. This occurs when rdata-credits.value != 0 && rdata-server ==...

SUSE CVE-2024-42256

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifspreparewrite which will make cifs repick the server for the op before renegotiating credits; it then calls...

SUSE CVE-2024-41030

In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open mayopen does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible...

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts...

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts...