QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...
Moderate: Red Hat Security Advisory: qemu-kvm security update
An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
The vulnerability of the dp_aux_cmd_fifo_tx() function in the Linux kernel component allows for a denial-of-service attack to be triggered.
The vulnerability of the dp_aux_cmd_fifo_tx() function in the Linux kernel component is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the WebAudio component in the Google Chrome web browser allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the WebAudio component in the Google Chrome web browser is related to the simultaneous execution using a shared resource with improper synchronization. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause...
CVE-2024-46845
In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and timer latency. If the program using this is killed via a SIGTERM, the threads are shutdown one at a ti...
UBUNTU-CVE-2024-46830
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note,...
UBUNTU-CVE-2024-46858
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kern...
CVE-2024-46845 tracing/timerlat: Only clear timer if a kthread exists
In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and timer latency. If the program using this is killed via a SIGTERM, the threads are shutdown one at a ti...
CVE-2024-4278 Incorrect Synchronization in GitLab
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting...
SUSE CVE-2024-42861
An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7009-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-2 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...
AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2024:6964)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6964 advisory. QEMU: virtio: DMA reentrancy issue leads to double free vulnerability (CVE-2024-3446); QEMU: Denial of Service via Improper Synchronization in QEMU NBD Serve...
kernel: drivers: core: synchronize really_probe() and dev_uevent()
This CVE has been marked as Rejected by the assigning CNA...
ROS-20240924-04
A vulnerability in the fastrpc component of the Linux operating system kernel is related to race conditions after a memory release. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability. A vulnerability in the usb_submit_urb function of...
The vulnerability of the `rpmsg_ctrldev_release_device` function in the `lib/debugobjects.c` file of the Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the rpmsg_ctrldev_release_device function in the lib/debugobjects.c file of the Linux kernel is caused by synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the reweight_entity() function in the sched component of the Linux operating system’s kernel allows for a failure to occur due to synchronization errors when using shared resources, potentially leading to service failures.
The vulnerability of the reweight_entity() function in the sched component of the Linux operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause service failures...
CVE-2024-42861
A flaw was found in Linux PTP. This flaw allows an attacker to possibly trigger a denial of service via a specially crafted PdelayReq message to the time synchronization function. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red H...
DEBIAN-CVE-2024-42861
An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...
CVE-2024-42861
An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...