95 matches found
CVE-2022-49536 scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: nativequeuedspinlockslowpath+0x192 rawspinlockirqsave+0x32 lpfchandlefcperr+0x4...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: jffs2: Fixed potential illegal address access in jffs2freeinode. During the stress testing of the jffs2 file system, the following abnormal outputs were found: 2430.649000 Unable to handle kernel paging request at virtual...
CentOS 9 : kernel-5.14.0-559.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-559.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current...
DEBIAN-CVE-2024-46797
In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queuedspinlockslowpath after we increment qnodesp-count and before node-lock is initialized, another CPU might see stale lock values in gettailqnode. If the...
CVE-2024-42115
In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2freeinode During the stress testing of the jffs2 file system,the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...
CVE-2024-42071
In the Linux kernel, the following vulnerability has been resolved: ionic: use devconsumeskbany outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napiconsumeskb, specifically we need to call it with budget==0 to signal to it that we're not in a safe...
PT-2024-5757 · Unknown · Kraken Stress Testing Toolkit
Name of the Vulnerable Software and Affected Versions: Kraken Stress Testing Toolkit affected versions not specified Description: The issue is related to the lack of protection for the SQL query structure in the Kraken Stress Testing Toolkit, a tool for load testing SIEM systems. This can be...
DEBIAN-CVE-2024-42115
In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2freeinode During the stress testing of the jffs2 file system,the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...
CVE-2024-42071
In the Linux kernel, the following vulnerability has been resolved: ionic: use devconsumeskbany outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napiconsumeskb, specifically we need to call it with budget==0 to signal to it that we're not in a safe...
CVE-2024-42071 ionic: use dev_consume_skb_any outside of napi
In the Linux kernel, the following vulnerability has been resolved: ionic: use devconsumeskbany outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napiconsumeskb, specifically we need to call it with budget==0 to signal to it that we're not in a safe...
DEBIAN-CVE-2024-41023
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix taskstruct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the...
UK PSTI? You’ll need a Vulnerability Disclosure Program!
If you are distributing or selling smart devices in to the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program VDP In the supporting materials for the Act,...
The Fundamentals of Cloud Security Stress Testing
״Defenders think in lists, attackers think in graphs," said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to...
CVE-2022-48674
In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIGSMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...
CVE-2022-48674
In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIGSMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...
CVE-2022-48674 erofs: fix pcluster use-after-free on UP platforms
In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIGSMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...
CVE-2022-48674 erofs: fix pcluster use-after-free on UP platforms
In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIGSMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...
CVE-2022-48674
CVE-2022-48674 - erofs use-after-free on UP platforms : Linux kernel patch fixes a race in erofs where erofs_workgroup_unfreeze() doesn’t reset orig_val, allowing a pcluster to be reused after free. This leads to a use-after-free in paths such as z_erofs_do_read_page/z_erofs_readahead under stres...
CVE-2022-48674
In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIGSMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...
CVE-2022-48674 erofs: fix pcluster use-after-free on UP platforms
In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIGSMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...