1086 matches found

Cvelist | added 2024/05/21 2:35 p.m. | 21 views

CVE-2021-47296 KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak

In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak. vcpu_put is not called if the user copy fails. This can result in preempt notifier corruption and crashes, among other issues...

AI score: 6.6 | EPSS: 0.00011
Exploits: 0 | References: 5

CVE | added 2024/05/21 2:35 p.m. | 75 views

CVE-2021-47296

CVE-2021-47296 affects the Linux kernel KVM on PPC. The issue is a leak in vcpu_load due to vcpu_put not being called when a user copy fails, which can corrupt preempt notifiers and cause crashes. The vulnerability is resolved via a kernel patch (details present in the connected advisories), with...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00011
Exploits: 0 | References: 5 | Affected Software: 1

OSV | added 2024/05/20 10:15 a.m. | 1 view

DEBIAN-CVE-2024-36009

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue. The dev_tracker is added to ax25_cb in ax25_bind(). When the ax25 device is detaching, the dev_tracker of ax25_cb should be deallocated in ax25_kill_by_device() instead of the dev_tracker of ax25_dev. The log...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00015
Exploits: 0 | References: 1

CNNVD | added 2024/05/14 12:0 a.m. | 2 views

WordPress plugin The Back In Stock Notifier for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.01081
Exploits: 0 | References: 4

Patchstack | added 2024/05/08 2:8 a.m. | 4 views

WordPress Back In Stock Notifier for WooCommerce plugin <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Back In Stock Notifier for WooCommerce (versions <= 5.3.1)...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01081
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux | added 2024/05/06 2:10 p.m. | 1 view

xnio: StackOverflowException when the chain of notifier states becomes problematically big

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS)...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00474
Exploits: 0 | References: 4

SUSE CVE | added 2024/05/04 2:29 a.m. | 2 views

SUSE CVE-2022-48675

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow. Fix a nested dead lock as part of ODP flow by using mmput_async(). From the below call trace [1] can see that calling mmput() once we have the umem_odp->umem_mutex locked as required by...

CVSS: 4.7 | AI score: 6.2 | EPSS: 0.00008
Exploits: 0 | References: 9

OSV | added 2024/05/03 3:15 p.m. | 0 views

DEBIAN-CVE-2022-48675

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow. Fix a nested dead lock as part of ODP flow by using mmput_async(). From the below call trace [1] can see that calling mmput() once we have the umem_odp->umem_mutex locked as required by...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00008
Exploits: 0 | References: 1

RedHat Linux | added 2024/04/30 9:57 a.m. | 1 view

kernel: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features()

A locking flaw in the Mellanox mlx5 Ethernet driver allowed calls to xdp_set_features() without holding the required rtnetlink (RTNL) lock. A local administrator switching device profiles (for example, from an uplink representor to a Network Interface Card profile) could trigger notifier paths without...

CVSS: 5.5 | AI score: 7.4 | EPSS: 0.0002
Exploits: 0 | References: 5

Tenable Nessus | added 2024/04/28 12:0 a.m. | 33 views

RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0781 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine,...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.41482
Exploits: 3 | References: 13

SUSE CVE | added 2024/04/19 2:18 a.m. | 1 view

SUSE CVE-2024-26820

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed. If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc_pro...

CVSS: 4.4 | AI score: 6.3 | EPSS: 0.00011
Exploits: 0 | References: 6

OSV | added 2024/04/17 10:15 a.m. | 1 view

DEBIAN-CVE-2024-26820

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed. If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc_pro...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00011
Exploits: 0 | References: 1

OSV | added 2024/04/08 7:48 a.m. | 3 views

CLSA-2024-1712263970 kernel: Fix of 48 CVEs

bpf: Fix re-attachment branch in bpftracingprogattach CVE-2024-26591 - ext4: improve error recovery code paths in ext4remount CVE-2024-0775 - smb: client: fix OOB in receiveencryptedstandard CVE-2024-0565 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier CVE-2023-52449 - net:...

CVSS: 10 | AI score: 7 | EPSS: 0.84554
Exploits: 26 | References: 1

SUSE CVE | added 2024/04/05 2:22 a.m. | 1 view

SUSE CVE-2023-52639

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation. Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00011
Exploits: 0 | References: 15

RedHat Linux | added 2024/03/27 6:47 p.m. | 36 views

Critical: Red Hat Security Advisory: ACS 4.3 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.04027
Exploits: 0 | References: 3

OSV | added 2024/03/22 7:15 p.m. | 1 view

DEBIAN-CVE-2023-5685

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS)...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00474
Exploits: 0 | References: 1

OSV | added 2024/03/22 7:15 p.m. | 0 views

UBUNTU-CVE-2023-5685

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS)...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00474
Exploits: 0 | References: 3

Vulnrichment | added 2024/03/22 6:24 p.m. | 21 views

CVE-2023-5685 Xnio: stackoverflowexception when the chain of notifier states becomes problematically big

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS)...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00474
Exploits: 0 | References: 9

OSV | added 2024/03/21 1:13 p.m. | 5 views

CLSA-2024-1711026811 kernel: Fix of 7 CVEs

netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one CVE-2023-39197 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier CVE-2023-52449 - media: pvrusb2: fix use after free on context disconnection CVE-2023-52445 - net: prevent mss overflow in skb_segment...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00328
Exploits: 0 | References: 1

OSV | added 2024/03/21 1:9 p.m. | 2 views

CLSA-2024-1711026398 kernel: Fix of 7 CVEs

netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one CVE-2023-39197 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier CVE-2023-52449 - media: pvrusb2: fix use after free on context disconnection CVE-2023-52445 - net: prevent mss overflow in skb_segment...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00328
Exploits: 0 | References: 1