kernel: drm/ast: Fix soft lockup

CVE-2024-35952 describes an issue in the Linux kernel's AST graphics driver. The problem occurs in the astdpsetonoff function, where a lack of proper synchronization with the DisplayPort Microcontroller Unit DPMCU can result in an infinite loop. This can cause a "soft lockup" in the host system,...

kernel: tcp: properly terminate timers for kernel sockets

In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test...

kernel: PM / devfreq: Synchronize devfreq_monitor_[start/stop]

A flaw was found in the Linux kernel resulting from race conditions and a lack of synchronization in handling the delayed work timers in the devfreq component. This issue can lead to inconsistencies and a corruption of the timer list...

kernel: PM / devfreq: Synchronize devfreq_monitor_[start/stop]

A flaw was found in the Linux kernel resulting from race conditions and a lack of synchronization in handling the delayed work timers in the devfreq component. This issue can lead to inconsistencies and a corruption of the timer list...

qemu-kvm security update

7.2.0-13.el9 - vfio/migration: Enhance VFIO migration state tracing Avihai Horon - vfio/migration: Don't emit STOPCOPY VFIO migration QAPI event twice Avihai Horon - vfio/migration: Emit VFIO migration QAPI event Avihai Horon - qapi/vfio: Add VFIO migration QAPI event Avihai Horon -...

The vulnerability of the sync_print_obj() function in the dma-buf driver of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the syncprintobj function in the drivers/dma-buf/syncdebug.c file of the Linux kernel’s DMA-buf driver is related to the use of incorrect synchronization functions. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the mld_newpack() function in the IPv6 kernel implementation of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the mldnewpack function in the net/ipv6/mcast.c module of the Linux operating system’s IPv6 kernel implementation is related to improper synchronization. Exploiting this vulnerability could allow an attacker to cause a service failure...

GO-2024-3025 Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server

Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server...

SUSE CVE-2024-42133

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hcilebigsyncestablishedevt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hciconncleanup...

SUSE CVE-2024-42153

In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fix potential deadlock warning from deltimersync call in isr When deltimersync is called in an interrupt context it throws a warning because of potential deadlock. The timer is used only to exit from waitforcompletion...

DEBIAN-CVE-2024-7409

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...

CVE-2024-7409 Qemu: denial of service via improper synchronization in qemu nbd server during socket closure

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...

CVE-2024-7409 Qemu: denial of service via improper synchronization in qemu nbd server during socket closure

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...

CVE-2024-7409

CVE-2024-7409 affects QEMU’s NBD server. The flaw is caused by improper synchronization during socket closure when a client keeps a socket open as the server goes offline, enabling potential DoS. Connected advisories/feeds indicate multiple vendors have released security updates (e.g., Debian, SU...

CVE-2024-7409

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...

PT-2024-25073 · Qualcomm · Snapdragon +123

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption where a fence object may still be accessed during timeline destruction after an isync fence is released. This could...

Unspecified Vulnerability in Mattermost (CNVD-2024-35160)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to disable modification of local users when synchronizing users in a shared channel. An attacker could use the vulnerability t...

PT-2024-6082

Name of the Vulnerable Software and Affected Versions QEMU NBD Server affected versions not specified Description A flaw was found in the QEMU NBD Server, allowing a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is...

PT-2024-27027 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Mattermost versions 9.9.x through 9.9.0 Description: The issue allows a malicious remote user to overwrite an existing loc...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to disable modification of local users when synchronizing users in a shared channel. An attacker could use the vulnerability t...