1221 matches found
DEBIAN-CVE-2024-44937
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...
CVE-2024-44937
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...
UBUNTU-CVE-2024-44937
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...
CVE-2024-44937
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...
CVE-2024-44937
The CVE affects the Linux kernel’s Intel VBTN (platform/x86) ACPI notify handler. A race can occur when the notify_handler() runs on multiple CPUs after a change enabling those handlers to operate on all CPUs, notably observed on Dell Venue 7140 during undocking. The race could cause the input-de...
CVE-2024-44937 platform/x86: intel-vbtn: Protect ACPI notify handler against recursion
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...
SUSE CVE-2022-48924
In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400notify It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 size 32: comm "kworker/0:2", pid 112, jiffies 4294893323 age 83.604s hex...
CVE-2022-48942 hwmon: Handle failure to register sensor with thermal zone correctly
In the Linux kernel, the following vulnerability has been resolved: hwmon: Handle failure to register sensor with thermal zone correctly If an attempt is made to a sensor with a thermal zone and it fails, the call to devmthermalzoneofsensorregister may return -ENODEV. This may result in crashes...
DEBIAN-CVE-2022-48924
In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400notify It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 size 32: comm "kworker/0:2", pid 112, jiffies 4294893323 age 83.604s hex...
UBUNTU-CVE-2022-48924
In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400notify It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 size 32: comm "kworker/0:2", pid 112, jiffies 4294893323 age 83.604s hex...
kernel: tls: race between async notify and socket close
A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...
kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
A use-after-free flaw was found in ip6routempathnotify in the Linux kernel. This may lead to a crash...
CLSA-2024-1722533082 kernel: Fix of 47 CVEs
afunix: Fix garbage collector racing against connect CVE-2024-26923 - netfilter: nftlimit: reject configurations that cause integer overflow CVE-2024-26668 - libbpf: Fix use-after-free in btfdumpnamedups CVE-2022-3534 - bpf: Fix partial dynptr stack slot reads/writes CVE-2023-39191 - ima: Fix...
kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
A use-after-free flaw was found in ip6routempathnotify in the Linux kernel. This may lead to a crash...
kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
A use-after-free flaw was found in ip6routempathnotify in the Linux kernel. This may lead to a crash...
Malicious code in next-react-notify (npm)
The package executes multiple malicious commands to download and execute further payloads. The tactics used are characteristic of an ongoing North Korean campaign...
CVE-2024-37485
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...
CVE-2024-37485
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...
CVE-2024-37485 WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...
CVE-2024-37485 WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...