CVE-2024-26963

A vulnerability was found in the Linux kernel's USB dwc3-am62.c driver, where improper checks may lead to a kernel panic or a module reload failure. This issue occurs because when the .remove function is called, the module might already be in a runtime-suspended state, meaning the hardware may be...

DEBIAN-CVE-2024-26976

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...

DEBIAN-CVE-2024-26963

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtime suspended when .remove is called. Do a pmruntimegetsync to make sure module is active before doing any register operations. Doi...

CVE-2024-26963

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtime suspended when .remove is called. Do a pmruntimegetsync to make sure module is active before doing any register operations. Doi...

UBUNTU-CVE-2024-26963

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtime suspended when .remove is called. Do a pmruntimegetsync to make sure module is active before doing any register operations. Doi...

CVE-2024-26963 usb: dwc3-am62: fix module unload/reload behavior

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtime suspended when .remove is called. Do a pmruntimegetsync to make sure module is active before doing any register operations. Doi...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a security flaw in the unload/reload behavior of modules...

kernel: scsi: core: Remove the /proc/scsi/${proc_name} directory earlier

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/$procname directory earlier Remove the /proc/scsi/$procname directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit...

CVE-2024-26846

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

UBUNTU-CVE-2024-26846

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

CVE-2024-26846

CVE-2024-26846 affects the Linux kernel’s nvme-fc unloading path. A race between nvme_delete_ctrl and ida_destroy could double-free IDs, causing module unload hangs. The fix adds synchronization to ensure nvme_delete_ctrl code runs before leaving nvme_fc_exit_module and flushes the nvme_delete_wq...

CVE-2024-26846 nvme-fc: do not wait in vain when unloading module

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

kernel: net/mlx5e: Fix cleanup null-ptr deref on encap lock

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix cleanup null-ptr deref on encap lock During module is unloaded while a peer tc flow is still offloaded, first the peer uplink rep profile is changed to a nic profile, and so neigh encap lock is destroyed. Next duri...

kernel: ALSA: ymfpci: Create card with device-managed snd_devm_card_new()

A flaw was found in the Linux kernel's ALSA ymfpci sound driver. During a previous refactoring commit that removed sndcardymfpciremove, the sndcardnew call was not updated to snddevmcardnew. This omission means sndcardfree is never called during module unload, leading to a kernel oops when...

kernel: Linux kernel: Memory leak in RDMA/irdma subsystem leads to Denial of Service

A flaw was found in the Linux kernel's RDMA/irdma subsystem. When the irdma module is unloaded, certain memory objects PBLEs are not properly released, leading to a memory leak. A local attacker could repeatedly trigger this condition, causing system memory to be exhausted and resulting in a Deni...

kernel: Linux kernel: Memory leak in RDMA/irdma subsystem leads to Denial of Service

A flaw was found in the Linux kernel's RDMA/irdma subsystem. When the irdma module is unloaded, certain memory objects PBLEs are not properly released, leading to a memory leak. A local attacker could repeatedly trigger this condition, causing system memory to be exhausted and resulting in a Deni...

kernel: ALSA: ymfpci: Create card with device-managed snd_devm_card_new()

A flaw was found in the Linux kernel's ALSA ymfpci sound driver. During a previous refactoring commit that removed sndcardymfpciremove, the sndcardnew call was not updated to snddevmcardnew. This omission means sndcardfree is never called during module unload, leading to a kernel oops when...

kernel: ext4: Fix function prototype mismatch for ext4_feat_ktype

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4featktype With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sure the call...

USN-6254-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the doprlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0458 It was discovered that a race...

Ubuntu: Security Advisory (USN-6231-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...