kernel: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instancedestroyrcu syzbot reported that nfreinject could be called without rcureadlock : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...

kernel: ionic: fix use after netif_napi_del()

A vulnerability was found in the Linux kernel's Ionic driver in the ionicqcqenable function, where the issue arises when the driver fails to reset the .poll pointer to NULL after a queue is unregistered via netifnapidel, leading to a use-after-free scenario when attempting to enable a previously...

kernel: tcp: make sure init the accept_queue's spinlocks once

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...

kernel: sched/psi: Fix use-after-free in ep_remove_wait_queue()

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in epremovewaitqueue If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueue gets freed in the...

kernel: tcp: make sure init the accept_queue's spinlocks once

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...

SUSE CVE-2024-42234

In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s often on flags when freeing, yet the flags shown are not bad: PGlocked had been set and cleared??, and...

SUSE CVE-2024-41032

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: check if a hash-index is in cpupossiblemask The problem is that there are systems where cpupossiblemask has gaps between set CPUs, for example SPARC. In this scenario addrtovbxa hash function can return an index whic...

SUSE CVE-2024-41036

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851startxmitspi and ks8851irq: watchdog: BUG: soft...

SUSE CVE-2024-41043

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: drop bogus WARNON Happens when rules get flushed/deleted while packet is out, so remove this WARNON. This WARN exists in one form or another since v4.14, no need to backport this to older releases, henc...

SUSE CVE-2024-41082

In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of adminq. If a reset nvme reset or IO timeout...

SUSE CVE-2024-41088

In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfdstartxmit function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running...

SUSE CVE-2024-42114

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211ATTRTXQQUANTUM values syzbot is able to trigger softlockups, setting NL80211ATTRTXQQUANTUM to 2^31. We had a similar issue in schfq, fixed with commit d9e15a273306 "pktsched: fq: do not accept sill...

SUSE CVE-2024-42152

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmetsqdestroy we capture sq-ctrl early and if it is non-NULL we know that a ctrl was allocated in the admin connect request handler and we need to release...

The vulnerability of the OLE DB driver for SQL Server, related to buffer overflows in the “queue”, allows attackers to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server is related to buffer overflow in the “heap”. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

CVE-2024-42113

A vulnerability was found in the Linux kernel's txgbe driver involving uninitialized numqvectors when using MSI/INTx interrupts. This can lead to kernel panics during the allocation of queue vectors due to the use of undefined values. This issue was resolved by ensuring numqvectors is properly...

DEBIAN-CVE-2024-42148

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FPSBMAXE1x...

AZL-48261 CVE-2024-42114 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211ATTRTXQQUANTUM values syzbot is able to trigger softlockups, setting NL80211ATTRTXQQUANTUM to 2^31. We had a similar issue in schfq, fixed with commit d9e15a273306 "pktsched: fq: do not accept sill...

DEBIAN-CVE-2024-42113

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize numqvectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx-numqvectors is uninitialized. Thus there will be kernel panic in wxallocqvectors to allocate queue vectors...

UBUNTU-CVE-2024-42148

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FPSBMAXE1x...

UBUNTU-CVE-2024-42113

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize numqvectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx-numqvectors is uninitialized. Thus there will be kernel panic in wxallocqvectors to allocate queue vectors...