UBUNTU-CVE-2022-48847

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Fix filter limit check In watchqueuesetfilter, there are a couple of places where we check that the filter type value does not exceed what the typefilter bitmap can hold. One place calculates the number of bits by: if...

UBUNTU-CVE-2022-48846

In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcginitqueue may add rq qos structures to request queue, previously blkcleanupqueue calls rqqosexit to release them, but commit 8e141f9eb803 "block: drain file system I/O ...

UBUNTU-CVE-2022-48864

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: add validation for VIRTIONETCTRLMQVQPAIRSSET command When control vq receives a VIRTIONETCTRLMQVQPAIRSSET command request from the driver, presently there is no validation against the number of queue pairs to configure...

CVE-2022-48846

CVE-2022-48846 affects the Linux kernel block layer. The root cause was a memory leak in rq QoS structures added by blkcg_init_queue() when a request queue could lack a disk (e.g., unpresent SCSI LUNs or NVMe admin queue) after a patch moved rq_qos_exit() into del_gendisk(). The fix restores prop...

CVE-2022-48846

In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcginitqueue may add rq qos structures to request queue, previously blkcleanupqueue calls rqqosexit to release them, but commit 8e141f9eb803 "block: drain file system I/O ...

DEBIAN-CVE-2022-48789

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport errorrecovery work While nvmetcpsubmitasynceventwork is checking the ctrl and queue state before preparing the AER command and scheduling iowork, in order to fully prevent a race...

AZL-47446 CVE-2022-48788 affecting package kernel for versions less than 5.15.32.1-3

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport errorrecovery work While nvmerdmasubmitasynceventwork is checking the ctrl and queue state before preparing the AER command and scheduling iowork, in order to fully prevent a ra...

DEBIAN-CVE-2022-48788

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport errorrecovery work While nvmerdmasubmitasynceventwork is checking the ctrl and queue state before preparing the AER command and scheduling iowork, in order to fully prevent a ra...

UBUNTU-CVE-2022-48788

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport errorrecovery work While nvmerdmasubmitasynceventwork is checking the ctrl and queue state before preparing the AER command and scheduling iowork, in order to fully prevent a ra...

UBUNTU-CVE-2022-48789

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport errorrecovery work While nvmetcpsubmitasynceventwork is checking the ctrl and queue state before preparing the AER command and scheduling iowork, in order to fully prevent a race...

CVE-2022-48789

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport errorrecovery work While nvmetcpsubmitasynceventwork is checking the ctrl and queue state before preparing the AER command and scheduling iowork, in order to fully prevent a race...

SUSE CVE-2024-40942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of meshpreqqueue objects The hwmp code use objects of type meshpreqqueue, added to a list in ieee80211ifmesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface ...

SUSE CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq maxsge attribute maxsge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

SUSE CVE-2024-40992

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...

DEBIAN-CVE-2024-40992

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...

DEBIAN-CVE-2024-40942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of meshpreqqueue objects The hwmp code use objects of type meshpreqqueue, added to a list in ieee80211ifmesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface ...

DEBIAN-CVE-2024-40925

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...

AZL-68111 CVE-2024-39508 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: Use setbit and testbit at worker-flags Utilize setbit and testbit on worker-flags within iouring/io-wq to address potential data races. The structure ioworker-flags may be accessed through various data paths, leadi...

DEBIAN-CVE-2024-39502

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netifnapidel When queues are started, netifnapiadd and napienable are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and...

UBUNTU-CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq maxsge attribute maxsge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...