BIT-RABBITMQ-2024-51988 HTTP API's queue deletion endpoint does not verify that the user has a required permission

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...

AZL-54074 CVE-2024-50183 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

DEBIAN-CVE-2024-50183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

UBUNTU-CVE-2024-50183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

CVE-2024-50206 net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix memory corruption during fq dma init The loop responsible for allocating up to MTKFQDMALENGTH buffers must only touch as many descriptors, otherwise it ends up corrupting unrelated memory. Fix the lo...

CVE-2024-50183 scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

SUSE CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

SUSE CVE-2024-50162

In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPFMAPTYPEDEVMAP does not have it set. This is...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a memory corruption problem during fq dma initialization...

CVE-2024-51988

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3...

CVE-2024-50145

In the Linux kernel, the following vulnerability has been resolved: octeonep: Add SKB allocation failures handling in octepoqprocessrx buildskb returns NULL in case of a memory allocation failure so handle it inside octepoqprocessrx to avoid NULL pointer dereference. octepoqprocessrx is called...

DEBIAN-CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

AZL-52987 CVE-2024-50154 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

AZL-52967 CVE-2024-50154 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

CVE-2024-50145 octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()

In the Linux kernel, the following vulnerability has been resolved: octeonep: Add SKB allocation failures handling in octepoqprocessrx buildskb returns NULL in case of a memory allocation failure so handle it inside octepoqprocessrx to avoid NULL pointer dereference. octepoqprocessrx is called...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from waiting for fifo occupancy to fall below a threshold in an FPGA could result in a soft CPU lockup...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not providing rxq after redirection...

CVE-2024-51988

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...

UBUNTU-CVE-2024-51988

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...

RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission

Summary Queue deletion via the HTTP API was not verifying the configure permission of the user. Impact Users who had all of the following: 1. Valid credentials 2. Some permissions for the target virtual host 3. HTTP API access could delete queues it had no deletion permissions for. Workarounds...