Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6686-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-1 advisory. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions duri...

SUSE CVE-2024-26627

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsihostbusy out of host lock for waking up EH handler Inside scsiehwakeup, scsihostbusy is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-1 advisory. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6680-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6680-1 advisory. discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure...

USN-6680-1: Linux kernel vulnerabilities

黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...

kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c

A flaw was found in the Linux kernel Direct Rendering Infrastructure DRI subsystem in which a use-after-free can be caused when a user triggers a race condition between a nonblocking atomic commit and a driver unload. A local user could use this flaw to crash the system or potentially escalate...

BIT-JENKINS-2021-21686

File path filters in the agent-to-controller security subsystem of Jenkins LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories...

DEBIAN-CVE-2024-26627

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsihostbusy out of host lock for waking up EH handler Inside scsiehwakeup, scsihostbusy is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too...

CVE-2023-52596

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory used for mounts. This check evaluates the first elemen...

AZL-56846 CVE-2023-52586 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory used for mounts. This check evaluates the first elemen...

CVE-2024-26627 scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsihostbusy out of host lock for waking up EH handler Inside scsiehwakeup, scsihostbusy is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too...

CVE-2023-52596 sysctl: Fix out of bounds access for empty sysctl registers

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory used for mounts. This check evaluates the first elemen...

The vulnerabilities of the llcp_sock_connect() and llcp_sock_bind() functions in the NFC subsystem of Linux kernel allow attackers to cause service failures or disclose protected information.

The vulnerability of the llcpsockconnect and llcpsockbind functions in the NFC subsystem of Linux kernel is related to the use of memory after it is freed, resulting in the same object being assigned to two different sockets. Exploiting this vulnerability can allow an attacker to cause a service...

The vulnerability of the kvm_for_each_vcpu() function in the KVM virtualization subsystem of Linux kernels allows a attacker to cause a service failure.

The vulnerability of the kvmforeachvcpu function in the KVM virtualization subsystem of Linux operating systems is related to errors in pointer manipulation when processing the createdvcpus parameter. Exploiting this vulnerability can allow a remote attacker to trigger a service failure...

USN-6653-4 linux-gke vulnerabilities

It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...

CVE-2021-47106

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftsetcatchalldestroy We need to use listforeachentrysafe iterator because we can not access @catchall after kfreercu call. syzbot reported: BUG: KASAN: use-after-free in...

CVE-2023-43550

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem...

Memory corruption

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem...

CVE-2023-43550 Integer Overflow or Wraparound in Core Services

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem...