6095 matches found
CVE-2023-52456
In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TXEN pin. When the TTY port is closed in the middle of a...
CVE-2023-52464
In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat: drivers/edac/thunderxedac.c: In function 'thunderxocxcomthreadedisr':...
CVE-2023-52447
In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr decreases the...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2contextthreadfunc function, which may call pvr2contextdestroy and thus call kfree on the context object. However...
CVE-2024-26591 bpf: Fix re-attachment branch in bpf_tracing_prog_attach
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpftracingprogattach The following case can cause a crash due to missing attachbtf: 1 load rawtp program 2 load fentry program with rawtp as targetfd 3 create tracing link for fentry program with...
CVE-2023-52448 gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2rgrpdump Syzkaller has reported a NULL pointer dereference when accessing rgd-rdrgl in gfs2rgrpdump. This can happen when creating rgd-rdgl fails in readrindexentry. Add a NULL...
CVE-2024-26586 mlxsw: spectrum_acl_tcam: Fix stack corruption
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a...
CVE-2024-26591
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpftracingprogattach The following case can cause a crash due to missing attachbtf: 1 load rawtp program 2 load fentry program with rawtp as targetfd 3 create tracing link for fentry program with...
CVE-2024-26589
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, checkflowkeysaccess only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not...
Hardcoded credentials
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
CVE-2024-26147 Helm's Missing YAML Content Leads To Panic
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
CVE-2024-26582
In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...
CVE-2024-26585
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the work before calling...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...
CVE-2024-26584 net: tls: handle backlogging of crypto requests
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...
CVE-2024-26582
In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...
CVE-2023-52441 ksmbd: fix out of bounds in init_smb2_rsp_hdr()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in initsmb2rsphdr If client send smb2 negotiate request and then send smb1 negotiate request, initsmb2rsphdr is called for smb1 negotiate request since needneg is set to false. This patch ignore smb1...
CVE-2023-52440 ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbddecodentlmsspauthblob If authblob-SessionKey.Length is bigger than session key sizeCIFSKEYSIZE, slub overflow can happen in key exchange codes. cifsarc4crypt copy to session key array from...
CVE-2023-52436
In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed...
CVE-2023-52439
In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uioopen core-1 core-2 ------------------------------------------------------- uiounregisterdevice uioopen idev = idrfind deviceunregister&idev-dev putdevice&idev-dev uiodevicerelease getdevice&idev-dev...