CVE-2023-52771 cxl/port: Fix delete_endpoint() vs parent unregistration race

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...

DEBIAN-CVE-2021-47360

In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to...

CVE-2021-47337

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 "scsi: core: Fix error handling of scsihostalloc" changed the allocation logic to call putdevice to perform host cleanup with the...

DEBIAN-CVE-2021-47309

In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate-data before returning from skbtunnelinfo skbtunnelinfo returns pointer of lwtstate-data as iptunnelinfo type without validation. lwtstate-data can have various types such as mplsiptunnelencap, etc and these...

DEBIAN-CVE-2021-47281

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of sndseqtimeropen The timer instance per queue is exclusive, and sndseqtimeropen should have managed the concurrent accesses. It looks as if it's checking the already existing timer instance at the beginning,...

DEBIAN-CVE-2021-47289

In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 "ACPI: utils: Fix reference counting in foreachacpidevmatch" started doing "acpidevput" on a pointer that was possibly NULL. That fails miserably, because that helper inline...

DEBIAN-CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hwinit Why On resume we perform DMUB hwinit which allocates memory: dmresume-dmdmubhwinit-dcdmubsrvcreate-kzalloc That results in memory leak in suspend/resume scenarios. How...

CVE-2021-47262 KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...

CLSA-2024-1716270232 Fix of 48 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-47233 - wifi: brcmfmac: Fix use-after-free bug in brcmfcfg80211detach CVE-url: https://ubuntu.com/security/CVE-2023-52601 - jfs: Fix memleak in dbAdjCtl CVE-url: https://ubuntu.com/security/CVE-2024-26801 - Bluetooth: Avoid potential use-after-free in...

SUSE CVE-2024-35808

In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from raidmessage directly without holding 'reconfigmutex', this is definitely unsafe because mdreapsyncthread can change many fields that is...

SUSE CVE-2024-35942

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mpblk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...

SUSE CVE-2024-35966

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcommsocksetsockoptold is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset...

SUSE CVE-2024-35974

In the Linux kernel, the following vulnerability has been resolved: block: fix q-blkglist corruption during disk rebind Multiple gendisk instances can allocated/added for single request queue in case of disk rebind. blkg may still stay in q-blkglist when calling blkcginitdisk for rebind, then...

Ubuntu: Security Advisory (USN-6777-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6777-2: Linux kernel (Azure) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 Several...

USN-6777-2 linux-azure vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 Several...

USN-6766-3: Linux kernel (AWS) vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

The vulnerability of the sco_sock_timeout() function in the Linux kernel’s Bluetooth subsystem allows a hacker to trigger a service failure.

The vulnerability of the scosocktimeout function in the net/bluetooth/sco.c module of the Linux kernel’s Bluetooth subsystem is related to the reallocation of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow a attacker to cause service...

AZL-57805 CVE-2024-35937 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more...

UBUNTU-CVE-2024-35926

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix asyncdisable descriptor leak The disableasync paths of iaacompress/decompress don't free idxd descriptors in the asyncdisable case. Currently this only happens in the testcases where req-dst is set to null. Add ...