196 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Reinitialize the delayed ref list after deleting it from the list. In the insertdelayedref function, if we need to update the action of an existing ref to BTRFSDROPDELAYEDREF, we delete the ref from its refhead’s refaddlis...
PT-2026-5509
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Btrfs file system related to inode handling during rename operations and log replay. Specifically, the issue arises after a rename exchange involving...
SUSE CVE-2024-50273
In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insertdelayedref if we need to update the action of an existing ref to BTRFSDROPDELAYEDREF, we delete the ref from its ref head's refaddlist using listdel,...
AZL-53414 CVE-2024-50273 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insertdelayedref if we need to update the action of an existing ref to BTRFSDROPDELAYEDREF, we delete the ref from its ref head's refaddlist using listdel,...
AZL-53775 CVE-2024-50273 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insertdelayedref if we need to update the action of an existing ref to BTRFSDROPDELAYEDREF, we delete the ref from its ref head's refaddlist using listdel,...
UBUNTU-CVE-2024-50166
In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In macprobe there are multiple calls to offinddevicebynode, fmanbind and fmanportbind which takes references to ofdev-dev. Not all references taken by these calls are releas...
AZL-51894 CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-47706
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq-bic with merge chain 1 initial state, three tasks: Process 1 Process 2 Process 3 BIC1 BIC2 BIC3 | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2 bfqq1 merged to bfqq...
CVE-2024-47706
Markdown: CVE-2024-47706 is tied to a Linux kernel issue in the bfq/I/O scheduler where an UAF could occur when bfqq structures are merged across BICs (bfqq1 → bfqq2 → bfqq3). The connected Astra Linux bulletin reproduces the scenario: on insert, a bfqq handle is obtained from the merge chain, bu...
CVE-2024-43500
Windows Resilient File System ReFS Information Disclosure Vulnerability...
CVE-2024-43514 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
...
CVE-2024-43500
CVE-2024-43500 affects Windows Resilient File System (ReFS) and is described as an Information Disclosure vulnerability. Public sources confirm impact to ReFS, enabling an attacker to obtain sensitive data. Exploitation details are not fully provided in the documents; the CVSS data in the Initial...
CVE-2024-43500 Windows Resilient File System (ReFS) Information Disclosure Vulnerability
...
SUSE CVE-2024-46840
In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUGONrefs == 0, which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walkdownproc we...
DEBIAN-CVE-2024-46840
In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUGONrefs == 0, which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walkdownproc we...
CVE-2024-46840
In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUGONrefs == 0, which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walkdownproc we...
UBUNTU-CVE-2024-46840
In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUGONrefs == 0, which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walkdownproc we...
CVE-2024-38135
Windows Resilient File System ReFS Elevation of Privilege Vulnerability...
Typo3 Information Disclosure in Backend User Interface
The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...
GHSA-49JC-R788-3FC9 gix refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...