UBUNTU-CVE-2024-50075

In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less than total USB2 phy...

CVE-2024-48548

The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack...

CVE-2024-48548

CVE-2024-48548 affects Cloud Smart Lock v2.0.1 where an APK leaks a URL that can call the Bind to Physical Device API. This enables an attacker to arbitrarily construct requests to bind to unknown devices by bruteforcing a valid serial number, effectively exposing a vulnerability with a local att...

WeHere Cloud Smart Lock 安全漏洞

WeHere Cloud Smart Lock is a smart door lock application from WeHere. A security vulnerability exists in WeHere Cloud Smart Lock version v2.0.1, which stems from an APK file that leaks a URL that can be used to call the Bind to Physical Device API, allowing an attacker to brute-force find a valid...

The vulnerability of the nxp_fspi_fill_txfifo() function in the Linux operating system’s Serial Peripheral Interface (SPI) driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the nxpfspifilltxfifo function in the drivers/spi/spi-nxp-fspi.c file of the Linux kernel’s Serial Peripheral Interface SPI driver is related to memory writing beyond the boundaries of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise t...

qt5-webengine -- Use after free in Serial

Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-10827: Use after free in Serial...

The vulnerability of the moschip7840_4port_device driver for serial devices in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the moschip78404portdevice structure in the drivers/usb/serial/mos7840.c file of the USB driver for serial devices in the Linux operating system is related to the absence of implementations for the functions suspend and resume. Exploiting this vulnerability could allow an...

DEBIAN-CVE-2024-50057

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Free IRQ only if it was requested before In polling mode, if no IRQ was requested there is no need to free it. Call devmfreeirq only if client-irq is set. This fixes the warning caused by the tps6598x module...

AZL-51101 CVE-2024-50058 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: serial: protect uartportdtrrts in uartshutdown too Commit af224ca2df29 serial: core: Prevent unsafe uart port access, part 3 added few uport == NULL checks. It added one to uartshutdown, so the commit assumes, uport can be NULL i...

DEBIAN-CVE-2024-50058

In the Linux kernel, the following vulnerability has been resolved: serial: protect uartportdtrrts in uartshutdown too Commit af224ca2df29 serial: core: Prevent unsafe uart port access, part 3 added few uport == NULL checks. It added one to uartshutdown, so the commit assumes, uport can be NULL i...

CVE-2024-50058

CVE-2024-50058: Linux kernel serial subsystem vulnerability where uart_shutdown() could dereference a NULL uart_port (uport) after a patch added NULL checks. The commit af224ca2df29 added safety checks, but a call to uart_port_dtr_rts(uport, false) remained unprotected if HUPCL is set. The incons...

CVE-2024-50058 serial: protect uart_port_dtr_rts() in uart_shutdown() too

In the Linux kernel, the following vulnerability has been resolved: serial: protect uartportdtrrts in uartshutdown too Commit af224ca2df29 serial: core: Prevent unsafe uart port access, part 3 added few uport == NULL checks. It added one to uartshutdown, so the commit assumes, uport can be NULL i...

CLSA-2024-1729518811 Fix of 15 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-38632 - vfio/pci: fix potential memory leak in vfiointxenable CVE-url: https://ubuntu.com/security/CVE-2024-46840 - btrfs: clean up our handling of refs == 0 in snapshot delete CVE-url: https://ubuntu.com/security/CVE-2024-44954 - ALSA: line6: Fix rac...

CLSA-2024-1729518310 Fix of 15 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-38632 - vfio/pci: fix potential memory leak in vfiointxenable CVE-url: https://ubuntu.com/security/CVE-2024-46840 - btrfs: clean up our handling of refs == 0 in snapshot delete CVE-url: https://ubuntu.com/security/CVE-2024-44954 - ALSA: line6: Fix rac...

AZL-51138 CVE-2024-47718 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtwwaitfirmwarecompletion', always wait for both regular and wowlan firmware loading attempts. Otherwise if 'rtwusbintfinit' has failed in 'rtwusbprobe',...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible buffer overflow in the usb gadget driver uvc during the setup handler...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper protection of the uartportdtrrts function in the serial subsystem, which could trigger a kernel cra...

Linux kernel 输入验证错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper handling of a serial number overflow in the padata component, which could lead to a deadlock...

CVE-2024-46760

...

CVE-2024-46706

...