CVE-2024-43914

CVE-2024-43914 : In the Linux kernel md/raid5 code, the issue arises when --revert-reshape is used during a reshape; updating the raid from 5 to 4 disks while a reshape position is still set caused a mismatch where the old reshape position influenced writepos checks, triggering a panic. The fix c...

CVE-2024-43914

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUGON while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUGON can be triggerred by the test:...

CVE-2024-43914 md/raid5: avoid BUG_ON() while continue reshape after reassembling

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUGON while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUGON can be triggerred by the test:...

CVE-2024-43914 md/raid5: avoid BUG_ON() while continue reshape after reassembling

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUGON while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUGON can be triggerred by the test:...

SUSE-SU-2024:1910-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806...

CVE-2024-3372

A vulnerability was found in MongoDB. A remote, unauthenticated attacker could trigger the flaw by providing an invalid BSON. This issue can cause the server to incorrectly serialize the file, impacting the availability and integrity...

CVE-2024-3372

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...

CVE-2023-50186

GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

Vulnerabilities fixed in Owncloud

Vulnerabilities have been fixed in Owncloud. A malicious party could exploit the vulnerabilities to cause a denial-of-service cause, or to bypass authentication and gain access to the victim's data. Owncloud has released updates to fix the vulnerabilities in Owncloud. For more information, see:...

NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image

A buffer overflow flaw was found in NTFS-3G. This issue occurs via a crafted metadata in an NTFS image that can cause code execution. A local attacker can exploit this issue if the NTFS-3G binary is setuid root. A physically proximate attacker can exploit this issue if the NTFS-3G software is...

UBUNTU-CVE-2023-45683

github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the...

CVE-2023-45683

CVE-2023-45683 affects the Go SAML library github.com/crewjam/saml. Affected versions fail to validate the ACS Location URI according to the parsed SAML binding, enabling an attacker to register a malicious Service Provider at the IdP and inject JavaScript in the ACS endpoint. This can cause Cros...

NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image

A buffer overflow flaw was found in NTFS-3G. This issue occurs via a crafted metadata in an NTFS image that can cause code execution. A local attacker can exploit this issue if the NTFS-3G binary is setuid root. A physically proximate attacker can exploit this issue if the NTFS-3G software is...

USN-6347-1: Linux kernel (Azure CVM) vulnerabilities

William Zhao discovered that the Traffic Control TC subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2022-4269 It was discovered that the NTFS file system...

Memory corruption

Memory corruption in Audio while validating and mapping metadata...

Qualcomm Chipsets Input Validation Error Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from audio memory corruption when validating and mapping metadata...

USN-6332-1: Linux kernel (Azure) vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 William Zhao discovered that the Traffic Control T...

USN-6312-1: Linux kernel vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

USN-6254-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the doprlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0458 It was discovered that a race...

USN-6235-1 linux-oem-6.0 vulnerabilities

It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service system crash. CVE-2022-4842 Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel di...