6095 matches found
CVE-2024-26600
A NULL pointer dereference flaw was found in the Linux kernel in the phy-omap-usb2 driver. This issue arises when the external PHY used with phy-omap-usb2 does not implement the sendsrp function. If this function is called without proper implementation, it can result in a system crash, especially...
CVE-2024-0243 Server-side Request Forgery In Recursive URL Loader
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
CVE-2024-26604 Revert "kobject: Remove redundant checks for whether ktype is NULL"
In the Linux kernel, the following vulnerability has been resolved: Revert "kobject: Remove redundant checks for whether ktype is NULL" This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. It is reported to cause problems, so revert it for now until the root cause can be found...
CVE-2024-26601 ext4: regenerate buddy after block freeing failed if under fc replay
In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd "ext4: remove redundant mbregeneratebuddy" and reintroduces mbregeneratebuddy. Based on code in mbfreeblocks, fast commi...
CVE-2023-52463
A flaw was found in the Linux kernel, which involves the improper handling of the efivarfs filesystem when the firmware does not support the SetVariable function at runtime. Specifically, even if efivarfs is initially mounted as read-only RO, it can be remounted as read-write RW without checking ...
CVE-2023-52462
A flaw was found in the Linux kernel. When the register is spilled onto a stack as a 1/2/4-byte register, the slottypeBPFREGSIZE - 1 is set, possibly including a few more below it, depending on the actual spill size. To confirm if some stack slots have a spilled register, consult slottype7, not...
CVE-2023-52461
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...
CVE-2024-26595
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix NULL pointer dereference in error path When calling mlxswspacltcamregiondestroy from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon...
CVE-2023-52458
In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block siz...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: Update migration data pointer correctly on saving/resume When the optional PRECOPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on the f...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...
CVE-2024-26599 pwm: Fix out-of-bounds access in of_pwm_single_xlate()
In the Linux kernel, the following vulnerability has been resolved: pwm: Fix out-of-bounds access in ofpwmsinglexlate With args-argscount == 2 args-args2 is not defined. Actually the flags are contained in args-args1...
CVE-2023-52462
In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slottypeBPFREGSIZE - 1 plus potentially few more below it, depending on actual spill size. So to check i...
CVE-2023-52459
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second listdel call results in either a warning with CONFIGDEBUGLIST=y:...
CVE-2023-52460
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clkmgr. So don't use it to look for DML2 support...
CVE-2023-52458 block: add check that partition length needs to be aligned with block size
In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block siz...
CVE-2023-52453 hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume
In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: Update migration data pointer correctly on saving/resume When the optional PRECOPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on the f...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
CVE-2023-52451
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlparmemoryremovebyindex may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails,...
CVE-2024-26593
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once...