CVE-2024-26812 vfio/pci: Create persistent INTx handler

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the...

CVE-2024-26810 vfio/pci: Lock external INTx masking ops

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code. In...

CVE-2024-26810

Technical details about CVE-2024-26810 are not provided in the supplied documents. The Astra bulletin repeats the vulnerability description without specifying affected products/versions or remediation. Monitor for official advisories to obtain precise impact and fixes.

CVE-2024-26810 vfio/pci: Lock external INTx masking ops

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code. In...

SUSE CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreqmonitorstart/stop There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from canceldelayedworksync...

CVE-2024-26812

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the...

DEBIAN-CVE-2024-26755

In the Linux kernel, the following vulnerability has been resolved: md: Don't suspend the array for interrupted reshape mdstartsync will suspend the array if there are spares that can be added or removed from conf, however, if reshape is still in progress, this won't happen at all or data will be...

CVE-2024-26756 md: Don't register sync_thread for reshape directly

In the Linux kernel, the following vulnerability has been resolved: md: Don't register syncthread for reshape directly Currently, if reshape is interrupted, then reassemble the array will register syncthread directly from pers-run, in this case 'MDRECOVERYRUNNING' is set directly, however, there ...

DEBIAN-CVE-2024-26697

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfsrecoverycopyblock of nilfsrecoverydsyncblocks, which recovers data from logs created by data sync writes during a mount after an...

UBUNTU-CVE-2024-26690

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in , write side of struct u64statssync must ensure mutual exclusion, or one seqcount update could be lost on 32-bit platforms, thus blocking...

UBUNTU-CVE-2023-52638

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by changing j1939sockslock to rwlock The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...

The vulnerability of the PMIx process management interface, related to synchronization errors when using a common resource, allows a perpetrator to gain access to confidential data.

The vulnerability of the PMIx process management interface is related to the execution of code from the library with UID 0. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data...

The vulnerability of the declarative delivery tool for GitOps on Kubernetes Argo CD, related to insecure privilege management, allows a perpetrator to perform local synchronization.

The vulnerability of GitOps’ continuous delivery tool for Kubernetes Argo CD relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to perform local synchronization remotely...

The vulnerability of Intel microprogramming software, related to synchronization errors when using shared resources, allows attackers to exploit their privileges.

The vulnerability of Intel microprogramming software is related to synchronization errors when using common resources. Exploiting this vulnerability can allow attackers to increase their privileges...

DEBIAN-CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreqmonitorstart/stop There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from canceldelayedworksync...

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreqmonitorstart/stop There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from canceldelayedworksync...

UBUNTU-CVE-2023-52632

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp 2289 Not tainted...

UBUNTU-CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreqmonitorstart/stop There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from canceldelayedworksync...

CVE-2023-52635

The CVE-2023-52635 entry concerns a Linux kernel devfreq timer race. Description: frequent governor switches (e.g., simple_ondemand and performance) on a devfreq device may race with timer cancellation and expiration, risking timer_list corruption when cancel_delayed_work_sync() is followed by ex...

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreqmonitorstart/stop There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from canceldelayedworksync...