7527 matches found
CVE-2024-9423
Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs...
SUSE CVE-2024-46847
In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at...
DEBIAN-CVE-2024-46843
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and M...
DEBIAN-CVE-2024-46847
In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at...
UBUNTU-CVE-2024-46847
In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at...
UBUNTU-CVE-2024-46843
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and M...
UBUNTU-CVE-2024-46803
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. It will cause write dbg_ev_file execution after debug_trap_disable, which will cause NULL pointer access. v2:...
CVE-2024-46803 drm/amdkfd: Check debug trap enable before write dbg_ev_file
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. It will cause write dbg_ev_file execution after debug_trap_disable, which will cause NULL pointer access. v2:...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to GNOME GLib, libcurl and kerberos 5
Summary: GNOME GLib, libcurl and kerberos 5 used by IBM MQ Operator and Queue Manager container images are vulnerable to spoofing attacks, denial of service due to improper memory allocation, and privilege escalation which may lead to bypassing security restrictions. This bulletin identifies the...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not ensuring that a vmap_block is initialized before adding it to a queue...
CVE-2024-47078 Meshtastic firmware Authentication/Authorization Bypass via MQTT
Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to...
VulnCheck KEV: CVE-2024-4325
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to...
kernel: kyber: fix out of bounds access when preempted
In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted __blk_mq_sched_bio_merge() gets the ctx and hctx for the current CPU and passes the hctx to ->bio_merge(). kyber_bio_merge() then gets the ctx for the current CPU again and uses that to get the...
kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment
A vulnerability was found in the Linux kernel's nvme driver. A lack of proper checks can lead to a race condition during the destruction of a queue pair when a controller is being established. This issue can lead to system instability or crashes...
kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
A vulnerability was found in the cfg80211 component in the Linux kernel, where a lack of proper range validation applied to the NL80211_ATTR_TXQ_QUANTUM can lead to a scenario where the userspace passes an extremely high value that the kernel is not designed to handle efficiently (ex. 2^31). This can...
kernel: use-after-free in cec_queue_msg_fh
A vulnerability was found in the Linux kernel. A use-after-free exists in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...