The vulnerability of the 3D model texturing software Adobe Substance 3D Painter, related to buffer overflow attacks, allows attackers to execute arbitrary code.

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter lies in the overflow of the queue buffer. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities

Summary IBM Security Verify Information Queue ISIQ v10.0.5 has remediated vulnerabilities in the third-party libraries that it uses. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not...

kernel: net: stmmac: fix dma queue left shift overflow issue

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...

kernel: blk-mq: avoid double ->queue_rq() because of early timeout

In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double -queuerq because of early timeout David Jeffery found one double -queuerq issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...

kernel: wifi: mac80211: fix queue selection for mesh/OCB interfaces

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and...

kernel: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup

A flaw was found in the rdmarxe module in the Linux kernel. A NULL pointer dereference can be triggered when an error occurs due to an improper check, resulting in a denial of service...

kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error

A NULL pointer dereference vulnerability was found in the RXE Soft-RoCE RDMA driver in the Linux kernel. When rxequeueinit fails during queue pair initialization in rxeqpinitreq, the task function and argument pointers qp-req.task.func and qp-req.task.arg remain uninitialized. The cleanup functio...

kernel: RDMA/rxe: Fix error unwind in rxe_create_qp()

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxecreateqp In the function rxecreateqp, rxeqpfrominit is called to initialize qp, internally things like the spin locks are not setup until rxeqpinitreq. If an error occures before this point then t...

GHSA-M974-XJ4J-7QV5 Boxo bitswap/server: DOS unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting untrusted connections with the...

kernel: iavf: Fix adminq error handling

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavfallocasqbufs/iavfallocarqbufs allocates with dmaalloccoherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Witho...

kernel: block: Fix possible memory leak for rq_wb on add_disk failure

In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory leak for rqwb on adddisk failure kmemleak reported memory leaks in deviceadddisk: kmemleak: 3 new suspected memory leaks unreferenced object 0xffff88800f420800 size 512: comm "modprobe", pid 4275, jiffi...

kernel: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQMEMRECLAIM from storvscerrorwq storvscerrorwq workqueue should not be marked as WQMEMRECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQMEMRECLAIM may...

kernel: blk-mq: avoid double ->queue_rq() because of early timeout

In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double -queuerq because of early timeout David Jeffery found one double -queuerq issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...

kernel: netfilter: flowtable_offload: fix using __this_cpu_add in preemptible

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtableoffload: fix using thiscpuadd in preemptible flowoffloadqueuework can be called in workqueue without bh disabled, like the call trace showed in my actct testing, calling NFFLOWTABLESTATINC there would cause a...

kernel: bpf, sockmap: Fix memleak in sk_psock_queue_msg

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in skpsockqueuemsg If tcpbpfsendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying to free it. sk1 redirect sk2 sk2 -------------------...

kernel: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags

A flaw was found in the nvme module in the Linux kernel. A NULL pointer dereference can be triggered due to improper error management when the blkmqinitqueue function fails to set up the queue, resulting in a denial of service...

kernel: net: stmmac: fix dma queue left shift overflow issue

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...

kernel: wifi: mac80211: fix queue selection for mesh/OCB interfaces

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and...

kernel: driver core: fix deadlock in __device_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...

kernel: md/raid0, raid10: Don't set discard sectors for request queue

In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use diskstacklimits to get a proper maxdiscardsectors rather than setting a value by stack drivers. And there is a bug. If all member disks are rotational...