6096 matches found
CVE-2024-52545
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service TCP port 9876. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...
CVE-2024-53109
In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vmaiterprealloc When deleting a vma entry from a maple tree, it has to pass NULL to vmaiterprealloc in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu...
CVE-2024-53105
In the Linux kernel, the following vulnerability has been resolved: mm: pagealloc: move mlocked flag clearance into freepagesprepare Syzbot reported a bad page state problem caused by a page being freed using freepage still having a mlocked flag at freepagesprepare stage: BUG: Bad page state in...
CVE-2024-53113
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in allocpagesbulknoprof We triggered a NULL pointer dereference for ac.preferredzoneref-zone in allocpagesbulknoprof when the task is migrated between cpusets. When cpuset is enabled, in...
CVE-2024-53115
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid nullptrderef in vmwframebuffersurfacecreatehandle The 'vmwuserobjectbuffer' function may return NULL with incorrect inputs. To avoid possible null pointer dereference, add a check whether the 'bo' is NULL in the...
CVE-2024-53121
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock...
CVE-2024-53121 net/mlx5: fs, lock FTE when checking if active
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock...
CVE-2024-53120
CVE-2024-53120 relates to the Linux kernel mlx5 core offload path. The vulnerability occurs in net/mlx5e when offloading CT rules: in mlx5_tc_ct_entry_add_rule(), if ct_rule_add() returns an error, zone_rule->attr is used uninitialized, causing a NULL pointer dereference (kernel OOPS). The fix...
CVE-2024-53118 vsock: Fix sk_error_queue memory leak
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix skerrorqueue memory leak Kernel queues MSGZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recved. To prevent memory leaks, clean up the queue when the socket is destroyed...
CVE-2024-53117
CVE-2024-53117 (Linux kernel) : The vulnerability affects virtio/vsock in the Linux kernel. The root cause was a missing kfree_skb() in error handling for MSG_ZEROCOPY paths, which could cause memory leaks. The fix adds the missing kfree_skb() to prevent leaks when MSG_ZEROCOPY encounters errors....
CVE-2024-53115
Technical details for CVE-2024-53115 are not publicly disclosed in the provided connected documents. The initial description mentions a kernel fix for a null pointer dereference in vmw_framebuffer_surface_create_handle, but no product/version specifics or exploit info are given here. Monitor for ...
CVE-2024-53115 drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid nullptrderef in vmwframebuffersurfacecreatehandle The 'vmwuserobjectbuffer' function may return NULL with incorrect inputs. To avoid possible null pointer dereference, add a check whether the 'bo' is NULL in the...
CVE-2024-53110 vp_vdpa: fix id_table array not null terminated error
In the Linux kernel, the following vulnerability has been resolved: vpvdpa: fix idtable array not null terminated error Allocate one extra virtiodeviceid as null terminator, otherwise vdpamgmtdevgetclasses may iterate multiple times and visit undefined memory...
CVE-2024-53105 mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
In the Linux kernel, the following vulnerability has been resolved: mm: pagealloc: move mlocked flag clearance into freepagesprepare Syzbot reported a bad page state problem caused by a page being freed using freepage still having a mlocked flag at freepagesprepare stage: BUG: Bad page state in...
CVE-2024-53103
In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by...
CVE-2024-53104
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in...
CVE-2024-53104
CVE-2024-53104 affects the Linux kernel USB Video Class (UVC) driver, specifically the uvc_parse_format logic which should skip frames of type UVC_VS_UNDEFINED. The fix prevents an out-of-bounds write in uvc_parse_streaming caused by mis-sized frame buffers, addressing an out-of-bounds write vuln...
CVE-2024-53103
In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by...
CVE-2024-53983 Server-side request forgery in Backstage Scaffolder plugin
The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection SSTI can be exploited to perform Git config injection. The vulnerability allows an...
CVE-2023-52922
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcmprocshow BUG: KASAN: slab-use-after-free in bcmprocshow+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 230 Hardwar...