RUSTSEC-2024-0352 Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

RUSTSEC-2024-0351 Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

RUSTSEC-2024-0353 Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

kernel: usb: out-of-bounds read in read_descriptors

An out-of-bounds read issue was found in the USB subsystem in the Linux kernel. This flaw allows a malicious user to crash the system, resulting in a denial of service condition...

kernel: USB: usbtmc: Fix direction for 0-length ioctl control messages

A flaw was found in the Linux kernel’s USB Test and Measurement Class usbtmc driver. The driver did not properly validate the direction bit when handling ioctl calls for control messages with a length of zero. Under these circumstances, an incorrect direction can be submitted, leading to mismatch...

kernel: race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in hci_uart_tty_ioctl

A NULL pointer dereference flaw was found in the Linux kernel’s Bluetooth HCI UART driver. This flaw allows a local user to crash the system...

kernel: usb: out-of-bounds read in read_descriptors

An out-of-bounds read issue was found in the USB subsystem in the Linux kernel. This flaw allows a malicious user to crash the system, resulting in a denial of service condition...

kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c

An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisatusb2state state-buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure...

DEBIAN-CVE-2021-47475

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c "staging: comedi: check validity of wMaxPacketSize of...

UBUNTU-CVE-2023-52877

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpmpdsvdm It is possible that typecregisterpartner returns ERRPTR on failure. When port-partner is an error, a NULL pointer dereference may occur as shown below. 91222.095236 T31...

CVE-2021-47330

In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fix a memory leak in error handling path In the probe function, if the final 'serialconfig' fails, 'info' is leaking. Add a resource handling path to free this memory...

DEBIAN-CVE-2021-47330

In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fix a memory leak in error handling path In the probe function, if the final 'serialconfig' fails, 'info' is leaking. Add a resource handling path to free this memory...

DEBIAN-CVE-2021-47273

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is disabled When only PHY1 is used for example on Odroid-HC4, the regmap init code uses the usb2 ports when doesn't initialize the PHY1 regmap entry. This fixes: Unable to...

CVE-2021-47330

In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fix a memory leak in error handling path In the probe function, if the final 'serialconfig' fails, 'info' is leaking. Add a resource handling path to free this memory...

UBUNTU-CVE-2021-47279

In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platformgetresource It will cause null-ptr-deref if platformgetresource returns NULL, we need check the return value...

UBUNTU-CVE-2021-47271

In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix deadlock issue in cdnspthreadirqhandler Patch fixes the following critical issue caused by deadlock which has been detected during testing NCM class: smp: csd: Detected non-responsive CSD lock 1 on CPU0 smp: csd:...

UBUNTU-CVE-2021-47330

In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fix a memory leak in error handling path In the probe function, if the final 'serialconfig' fails, 'info' is leaking. Add a resource handling path to free this memory...

CVE-2021-47330 tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fix a memory leak in error handling path In the probe function, if the final 'serialconfig' fails, 'info' is leaking. Add a resource handling path to free this memory...

CVE-2021-47330 tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fix a memory leak in error handling path In the probe function, if the final 'serialconfig' fails, 'info' is leaking. Add a resource handling path to free this memory...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a vulnerability in the spi module...