1785 matches found
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-40921: net: bridge: mst: pass vlan group directly to brmstvlansetstate bsc1227784. CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in brmstsetstate bsc1227781...
USN-7179-4 linux-xilinx-zynqmp vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-12351 Andy Nguyen discovered that the...
Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059153 fixes several issues. The following security issues were fixed: CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6...
DEBIAN-CVE-2024-57925
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2sendinterimresp, if ksmbdallocworkstruct fails to allocate a node, it returns a NULL pointer to the inwork pointer. This can lead to an illegal memory write of...
CVE-2024-57925 ksmbd: fix a missing return value check bug
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2sendinterimresp, if ksmbdallocworkstruct fails to allocate a node, it returns a NULL pointer to the inwork pointer. This can lead to an illegal memory write of...
Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024119 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637...
Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059158 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637...
PT-2025-37970
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the SMB client during the rename process. Specifically, the issue arises from the timing of unhashing the dentry, which can allow concurrent opens on the targe...
PT-2025-49781
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the SMB client, specifically in the smb2 close cached fid function. The find or create cached dir function could potentially acqui...
UBUNTU-CVE-2024-56627
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbdvfsstreamread An offset from client could be a negative value, It could lead to an out-of-bounds read from the streambuf. Note that this issue is coming when setting 'vfs objects = streamsxat...
DEBIAN-CVE-2024-53179
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses-authkey.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifsmount dfsmountshare getsession...
DEBIAN-CVE-2024-53177
In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to opencacheddir error paths If opencacheddir encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in opencacheddir freeing the...
DEBIAN-CVE-2024-53178
In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with opencacheddir opencacheddir may either race with the tcon reconnection even before compoundsendrecv or directly trigger a reconnection via SMB2openinit or SMBqueryinfoinit. The...
UBUNTU-CVE-2024-53185
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...
CVE-2024-53178 smb: Don't leak cfid when reconnect races with open_cached_dir
In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with opencacheddir opencacheddir may either race with the tcon reconnection even before compoundsendrecv or directly trigger a reconnection via SMB2openinit or SMBqueryinfoinit. The...
OESA-2024-2588 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from the post-release reuse of signing keys in the smb client module...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the smb module that does not properly handle cfid on reconnect...
samba bug fix update
An update is available for samba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Samba is an open-source implementation of the Server Message Block SMB protocol...
smb: client: fix OOBs when building SMB2_IOCTL request
...