Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problematic thread synchronization...

CVE-2024-21823

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

CVE-2024-21823

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

CVE-2024-21823

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

UBUNTU-CVE-2024-21823

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

CVE-2024-21823

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

PT-2024-5465 · Microsoft +6 · Edge +6

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 126.0.6478.182 Chromium versions prior to 126.0.6478.182 Yandex Browser versions prior to 24.7.6.1018-alt1 Chromedriver versions prior to 126.0.6478.182-1.1 Debian Bookworm chromium versions prior to...

The vulnerability of the unix_state_double_lock() function in the net/unix/af_unix.c module, which is part of the Linux operating system’s AF_UNIX sockets implementation, allows a hacker to cause a service failure.

The vulnerability of the unixstatedoublelock function in the net/unix/afunix.c module, which implements AFUNIX sockets in Linux operating systems, is related to a violation of synchronization mechanisms. Exploiting this vulnerability could allow an attacker to cause a service failure...

May 14, 2024—KB5037763 (OS Build 14393.6981) - EXPIRED

May 14, 2024—KB5037763 OS Build 14393.6981 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...

PT-2024-3642 · Microsoft +7 · Visual Studio +8

Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio affected versions not specified Microsoft .NET affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource. It may allow a remote attacker to cause a denial o...

The vulnerability of the distributed file system (DFS) of the Windows operating system, which allows a hacker to execute arbitrary code

The vulnerability of the distributed file system DFS in the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the Brokering File System (BFS) of the Windows Server operating system allows a perpetrator to increase their privileges.

The vulnerability of the Brokering File System BFS in the Windows Server operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Ivanti Secure Access Client (formerly Pulse Secure Desktop Client) for corporate networks’ VPN servers in Windows operating systems, related to synchronization errors when using a shared resource, allows a hacker to escalate their privileges.

The vulnerability of the VPN server for corporate networks of Ivanti Secure Access Client formerly Pulse Secure Desktop Client on Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to increase their...

The vulnerability of the Brokering File System (BFS) of the Windows Server operating system allows a perpetrator to increase their privileges.

The vulnerability of the Brokering File System BFS in the Windows Server operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...

AZL-42229 CVE-2024-27014 affecting package kernel for versions less than 5.15.158.1-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the priv-statelock, any scheduled aRFS works are canceled using the cancelworksync function, which waits for the work to end if it has already started...

kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

kernel: Linux kernel (soundwire): Memory corruption due to incorrect device enumeration completion

A flaw was found in the Linux kernel's soundwire subsystem. The code responsible for managing device enumeration completion, which allows drivers to synchronize with soundwire devices, contains a defect. This issue can lead to memory corruption if drivers are still waiting for completion, as the...

kernel: af_unix: Fix data-races around user->unix_inflight

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-races around user-unixinflight. user-unixinflight is changed under spinlockunixgclock, but toomanyunixfds reads it locklessly. Let's annotate the write/read accesses to user-unixinflight. BUG: KCSAN: data-race in...

The vulnerability of the Windows operating system’s kernel allows attackers to enhance their privileges.

The vulnerability of the Windows operating system’s kernel is related to synchronization errors when using a shared resource „Race Conditions“. Exploiting this vulnerability can allow an attacker to increase their privileges...

Improper Synchronisation

https://github.com/evmos/evmos/ is vulnerable to Improper Synchronisation. The vulnerability is due to a lack of synchronization between two states during transaction execution, allowing for arbitrary token minting. This exploit occurs because the stateDB.Commit method updates the Cosmos SDK...