SUSE SLES15 Security Update : kernel RT (Live Patch 3 for SLE 15 SP5) (SUSE-SU-2024:1183-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1183-1 advisory. - An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of t...

DEBIAN-CVE-2021-47188

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcdqueuecommand+0x468/0x65c Call trace: ufshcdqueuecommand+0x468/0x65c...

UBUNTU-CVE-2021-47216

In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsigned long' and printed with %lx. Change %lx to %p to print the hashed pointer...

CVE-2021-47195

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the addlock mutex Commit 6098475d4cb4 "spi: Fix deadlock when adding SPI controllers on SPI buses" introduced a per-controller mutex. But mutexunlock of said lock is called after the controller is alrea...

SUSE CVE-2024-26722

In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix deadlock in rt5645jackdetectwork There is a path in rt5645jackdetectwork, where rt5645-jdmutex is left locked forever. That may lead to deadlock when rt5645jackdetectwork is called for the second time. Found by...

CVE-2024-26241

Win32k Elevation of Privilege Vulnerability...

CVE-2024-26209

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability...

CVE-2024-26209 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

...

SUSE CVE-2024-26799

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where lpassgetdmactlhandle is called and the driver id daiid is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since it has n...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12271)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12271 advisory. - KVM: x86: Add BHINO Daniel Sneddon Orabug: 36384803 CVE-2024-2201 - x86/bhi: Mitigate KVM by default Pawan Gupta Orabug: 36384803 CVE-2024-2201 ...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a packet name validation bypass vulnerability in the HwIms module...

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2024:1097-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1097-1 advisory. - There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the...

SUSE CVE-2023-52641

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attrallocateframe It is preferable to exit through the out: label because internal debugging functions are located there...

OracleVM 3.4 : kernel-uek (OVMSA-2024-0004)

The remote OracleVM system is missing necessary patches to address security updates: - A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a...

UBUNTU-CVE-2024-26786

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix ioptaccesslistid overwrite bug Syzkaller reported the following WARNON: WARNING: CPU: 1 PID: 4738 at drivers/iommu/iommufd/iopagetable.c:1360 Call Trace: iommufdaccesschangeioas+0x2fe/0x4e0...

CVE-2024-26793 gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtpnewlink The gtplinkops operations structure for the subsystem must be registered after registering the gtpnetops pernet operations structure. Syzkaller hit 'general protection faul...

CVE-2024-26792 btrfs: fix double free of anonymous device after snapshot creation failure

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there's an error committing the transaction. The second free may result in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized pointer issue in ASoC qcom...

AZL-59481 CVE-2024-26758 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in mdcheckrecovery mddevsuspend never stop syncthread, hence it doesn't make sense to ignore suspended array in mdcheckrecovery, which might cause syncthread can't be unregistered. After commit...

AZL-59484 CVE-2024-26758 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in mdcheckrecovery mddevsuspend never stop syncthread, hence it doesn't make sense to ignore suspended array in mdcheckrecovery, which might cause syncthread can't be unregistered. After commit...