SUSE CVE-2024-42313

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with vdecclose. The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly...

DEBIAN-CVE-2024-42274

In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e "ALSA: firewire-lib: operate for period elapse event in process context" removed the process context workqueue from...

UBUNTU-CVE-2024-42274

In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e "ALSA: firewire-lib: operate for period elapse event in process context" removed the process context workqueue from...

CVE-2024-42274 Revert "ALSA: firewire-lib: operate for period elapse event in process context"

In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e "ALSA: firewire-lib: operate for period elapse event in process context" removed the process context workqueue from...

nvmet: fix a possible leak when destroy a ctrl during qp establishment

...

kernel: netfilter: nf_tables: flush pending destroy work before exit_net release

A vulnerability was found in the Linux kernel's Netfilter framework, specifically within the nftables component. The issue arises from a race condition between the exitnet function and the destroy work queue, which can lead to use-after-free errors and potential system instability. This...

kernel: ice: fix memory corruption bug with suspend and rebuild

This is a flaw in the Linux kernel's ICE driver for Intel Ethernet controllers. The problem arises when the system enters a suspended state, and the driver frees queue vectors without resetting the numqvectors variable. This oversight causes the icerebuild function to allocate an incorrectly size...

kernel: wifi: iwlwifi: read txq->read_ptr under lock

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq-readptr under lock If we read txq-readptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice,...

kernel: net/mlx5: Add a timeout to acquire the command queue semaphore

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

kernel: wifi: iwlwifi: read txq->read_ptr under lock

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq-readptr under lock If we read txq-readptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice,...

kernel: net/mlx5: Add a timeout to acquire the command queue semaphore

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

kernel: ionic: fix use after netif_napi_del()

A vulnerability was found in the Linux kernel's Ionic driver in the ionicqcqenable function, where the issue arises when the driver fails to reset the .poll pointer to NULL after a queue is unregistered via netifnapidel, leading to a use-after-free scenario when attempting to enable a previously...

kernel: ionic: fix use after netif_napi_del()

A vulnerability was found in the Linux kernel's Ionic driver in the ionicqcqenable function, where the issue arises when the driver fails to reset the .poll pointer to NULL after a queue is unregistered via netifnapidel, leading to a use-after-free scenario when attempting to enable a previously...

CVE-2024-41940

A vulnerability has been identified in SINEC NMS All versions V3.0. The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges...

CVE-2024-41940

Siemens SINEC NMS (versions prior to 3.0) contains an input validation vulnerability in the privileged command queue. An authenticated attacker could exploit improper input validation to execute OS commands with elevated privileges, effectively compromising the device. Public risk scores indicate...

CVE-2024-41940

A vulnerability has been identified in SINEC NMS All versions V3.0. The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog CVE-2022-50865 In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline...

PT-2024-32245 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the initialization of the vmap block structure in the Linux kernel. When a new vmap block is being instantiated by new vmap block, the partially initialized...

kernel: sched/psi: Fix use-after-free in ep_remove_wait_queue()

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in epremovewaitqueue If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueue gets freed in the...

kernel: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instancedestroyrcu syzbot reported that nfreinject could be called without rcureadlock : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...