UBUNTU-CVE-2024-27057

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend When the system is suspended while audio is active, the sofipc4pcmhwfree is invoked to reset the pipelines since during suspend the DSP is turned off, streams...

DEBIAN-CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...

AZL-40509 CVE-2024-26953 affecting package hyperv-daemons for versions less than 5.15.158.2-1

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from pagepool When the skb is reorganized during espoutput !esp-inline, the pages coming from the original skb fragments are supposed to be released back to the system through putpage. But if t...

DEBIAN-CVE-2023-52648

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...

kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c

A flaw was found in l2capsockrelease in net/bluetooth/l2capsock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled...

kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg

A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...

kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, potentially leadi...

kernel: drm: bridge: dw_hdmi: fix connector access for scdc

A vulnerability was found in the Linux kernel's DRM subsystem, specifically within the DW HDMI bridge driver .A prior commit intended to improve SCDC Source Connection Description Channel debugging changed the interface to retrieve an I2C adapter from a connector structure. However, in the dwhdmi...

kernel: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

kernel: md: don't dereference mddev after export_rdev()

A use-after-free vulnerability was found in the Linux kernel multiple device RAID subsystem's device lifetime management. A local user with privileges to manage MD arrays can trigger concurrent device addition and removal operations via sysfs, causing a race condition where the mddev structure is...

kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling

A flaw was found in the Linux kernel's Bluetooth subsystem. A use-after-free UAF vulnerability exists in the hcidisconnectallsync function. This can occur if a Bluetooth connection is deleted while a controller event is being processed concurrently. A local attacker could potentially exploit this...

kernel: bpf: Disable preemption in bpf_perf_event_output

A flaw was found in the Linux kernel's BPF subsystem. The bpfperfeventoutput function relies on disabled preemption for nesting protection, but when called from uprobes context via bpfprogrunarraysleepable, preemption remains enabled. This allows task preemption during protected sections, leading...

kernel: Linux kernel: Denial of Service due to memory leak in target_cmd_counter

A flaw was found in SCSI subsystem of the Linux kernel. A local attacker with low privileges could exploit a memory leak within the targetcmdcounter structure. This issue, a type of resource management error, can lead to a Denial of Service DoS by gradually consuming system memory...

Kernel: double free in hci_conn_cleanup of the bluetooth subsystem

A double-free vulnerability was found in the hciconncleanup in net/bluetooth/hciconn.c in the Linux Kernel. This issue may cause a denial of service or privilege escalation...

kernel: Linux kernel Bluetooth: Denial of Service via race condition in hidp_session_thread

A flaw was found in the Linux kernel's Bluetooth subsystem. A race condition in the hidpsessionthread can lead to a use-after-free vulnerability. This occurs when a timer is active while its deletion function is called, causing memory to be accessed after it has been freed. A local attacker could...

kernel: Linux kernel (soundwire): Memory corruption due to incorrect device enumeration completion

A flaw was found in the Linux kernel's soundwire subsystem. The code responsible for managing device enumeration completion, which allows drivers to synchronize with soundwire devices, contains a defect. This issue can lead to memory corruption if drivers are still waiting for completion, as the...

kernel: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX

A flaw was addressed in the Linux kernel’s traffic scheduling TAPRIO subsystem. The code that handles the TCATAPRIOATTRSCHEDCYCLETIME attribute did not enforce an upper bound on this value, which could allow excessively large cycle time inputs to be processed. Under certain conditions, this can...

kernel: wifi: cfg80211: ocb: don't leave if not joined

A flaw was found in the Linux kernel's cfg80211 wireless subsystem. When handling OCB Outside the Context of a BSS mode, the kernel may attempt to leave an OCB network even when not joined, which could cause driver confusion or unexpected behavior. This is a logic error in state management...

LSN-0103-1 Kernel Live Patch Security Notice

Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information kernel memory.CVE-2023-4569 Xingyuan Mo discovered that the netfilter subsystem in the Lin...

DEBIAN-CVE-2024-26927

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head-fullsize - head-headersize" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...