7525 matches found

CNNVD
added 2023/12/09 12:00 a.m., 2 views

Linux kernel buffer error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a denial of service vulnerability that originates from an out-of-bounds memory access found in the io_uring SQ/CQ function, which can be exploited by a...

CVSS 5.5, AI score 6.8, EPSS 0.00282
Exploits 3, References 5
Ubuntu
added 2023/12/06 1:34 p.m., 87 views

USN-6536-1: Linux kernel vulnerabilities

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Kyle Zeng...

CVSS 8.8, AI score 7.4, EPSS 0.09141
Exploits 3
OSV
added 2023/11/29 9:00 a.m., 6 views

SUSE-SU-2023:4609-1 Security update for python-azure-storage-queue

This update for python-azure-storage-queue fixes the following issues: - CVE-2022-30187: Fixed information disclosure vulnerability (bsc#1202088)...

CVSS 4.7, AI score 4.6, EPSS 0.005
Exploits 0, References 3
Tenable Nessus
added 2023/11/29 12:00 a.m., 26 views

SUSE SLES15 Security Update : python-azure-storage-queue (SUSE-SU-2023:4609-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4609-1 advisory. - Azure Storage Library Information Disclosure Vulnerability (CVE-2022-30187) Note that Nessus has not tested for this issue but has instead...

CVSS 4.7, AI score 5.9, EPSS 0.005
Exploits 0, References 4
RedHat Linux
added 2023/11/28 4:04 p.m., 3 views

Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer

The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...

CVSS 8.8, AI score 7.3, EPSS 0.00787
Exploits 0, References 6
RedHat Linux
added 2023/11/27 4:14 p.m., 2 views

Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer

The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...

CVSS 8.8, AI score 7.3, EPSS 0.00787
Exploits 0, References 6
RedHat Linux
added 2023/11/27 4:11 p.m., 4 views

Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer

The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...

CVSS 8.8, AI score 7.3, EPSS 0.00787
Exploits 0, References 6
RedHat Linux
added 2023/11/27 4:02 p.m., 3 views

Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer

The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...

CVSS 8.8, AI score 7.3, EPSS 0.00787
Exploits 0, References 6
RedHat Linux
added 2023/11/27 3:53 p.m., 1 view

Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer

The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...

CVSS 8.8, AI score 7.3, EPSS 0.00787
Exploits 0, References 6
RedHat Linux
added 2023/11/27 3:52 p.m., 3 views

Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer

The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...

CVSS 8.8, AI score 7.3, EPSS 0.00787
Exploits 0, References 6
Ubuntu
added 2023/11/21 3:17 p.m., 78 views

USN-6497-1: Linux kernel (OEM) vulnerabilities

Maxim Levitsky discovered that the KVM nested virtualization (SVM) implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service (host kernel crash). (CVE-2023-5090) Alon Zahavi discovered that the...

CVSS 8.8, AI score 7.4, EPSS 0.09141
Exploits 2
IBM Security Bulletins
added 2023/11/17 12:13 p.m., 76 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libcurl vulnerabilities (CVE-2023-38546, CVE-2023-38545)

Summary Issues were identified in libcurl, which is packaged with the IBM MQ Queue Manager Container image. These issues are now fixed, and the fixes are shipped with the latest IBM MQ Operator and IBM-supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2023-38546 DESCRIPTION:...

CVSS 9.8, AI score 8.7, EPSS 0.78483
Exploits 6, Affected Software 1
Oracle linux
added 2023/11/17 12:00 a.m., 35 views

cups security and bug fix update

1:2.2.6-54 - RHEL-2612 - cups pulls an unneeded dependency on python3 1:2.2.6-53 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation 1:2.2.6-52 - 2217178 - Delays printing to lpd when reserved ports are exhausted - 2217283 - The command 'cancel -x ' does not remove job fil...

CVSS 7.5, AI score 7.3, EPSS 0.01473
Exploits 2
OSV
added 2023/11/15 10:15 p.m., 3 views

CVE-2023-41442

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component...

CVSS 9.8, AI score 6.1
Exploits 0, References 1
ATTACKERKB
added 2023/11/15 10:15 p.m., 5 views

CVE-2023-41442

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component...

CVSS 9.8, AI score 7.8, EPSS 0.01303
Exploits 1, References 2
Github Security Blog
added 2023/11/15 6:42 p.m., 22 views

pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory

Impact A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server...

AI score 7
Exploits 0, References 3, Affected Software 1
RedHat Linux
added 2023/11/14 3:46 p.m., 3 views

kernel: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags

A flaw was found in the nvme module in the Linux kernel. A NULL pointer dereference can be triggered due to improper error management when the blk_mq_init_queue function fails to set up the queue, resulting in a denial of service...

CVSS 5.5, AI score 6.5, EPSS 0.00278
Exploits 0, References 5
RedHat Linux
added 2023/11/14 3:46 p.m., 2 views

kernel: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm...

CVSS 5.5, AI score 6.3, EPSS 0.00161
Exploits 0, References 5
RedHat Linux
added 2023/11/14 3:46 p.m., 2 views

kernel: mlx5: fix possible ptp queue fifo use-after-free

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when popping from empty queue. Such case was possible during re-sync action. WARN_ON_ONCE...

CVSS 7.8, AI score 6.6, EPSS 0.00137
Exploits 0, References 5
RedHat Linux
added 2023/11/14 3:46 p.m., 2 views

kernel: ice: xsk: disable txq irq before flushing hw

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: disable txq irq before flushing hw ice_qp_dis() intends to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps is to disable interrupts on these queues. It currently is broken in a way that...

CVSS 5.5, AI score 6.3, EPSS 0.00159
Exploits 0, References 5