170 matches found
CVE-2024-56655
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release is only safe for error unwinding, while transaction mutex is he...
DEBIAN-CVE-2024-56655
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release is only safe for error unwinding, while transaction mutex is he...
UBUNTU-CVE-2024-56655
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release is only safe for error unwinding, while transaction mutex is he...
CVE-2024-50082 blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race We're seeing crashes from rq_qos_wake_function that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 PF: supervisor write access in kernel...
CVE-2024-49903 jfs: Fix uaf in dbFreeBits
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits syzbot reported: BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in...
kernel: drivers: core: synchronize really_probe() and dev_uevent()
This CVE has been marked as Rejected by the assigning CNA...
UBUNTU-CVE-2024-46782
In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks sooner syzbot found an use-after-free Read in ila_nf_input [1] Issue here is that ila_xlat_exit_net frees the rhashtable, then call nf_unregister_net_hooks. It should be done in the reverse way, with a...
CVE-2024-44935
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock. syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reuseport_add_sock. [0] The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the...
kernel: tcp: properly terminate timers for kernel sockets
In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test...
CVE-2024-38806 UAA Failure to Remove Shadow User’s Access
Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their...
CVE-2024-39501
...
KB5039342: Servicing stack update for Windows Server 2012: June 11, 2024
End of support information: Windows Server 2012 reached end of support (EOS) on October 10, 2023. Extended Security Updates (ESUs) are available for purchase and will continue for three years, renewable on an annual basis, until...
CVE-2021-47414
In the Linux kernel, the following vulnerability has been resolved: riscv: Flush current cpu icache before other cpus On SiFive Unmatched, I recently fell onto the following BUG when booting: 0.000000 ftrace: allocating 36610 entries in 144 pages 0.000000 Oops - illegal instruction 1 0.000000...
SUSE CVE-2024-27390
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net barrier in ipv6_mc_down As discussed in the past commit 2d3916f31891 "ipv6: fix skb drops in igmp6_event_query and igmp6_event_report" I think the synchronize_net call in ipv6_mc_down is not needed...
DEBIAN-CVE-2024-27390
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net barrier in ipv6_mc_down As discussed in the past commit 2d3916f31891 "ipv6: fix skb drops in igmp6_event_query and igmp6_event_report" I think the synchronize_net call in ipv6_mc_down is not needed...
UBUNTU-CVE-2024-27390
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net barrier in ipv6_mc_down As discussed in the past commit 2d3916f31891 "ipv6: fix skb drops in igmp6_event_query and igmp6_event_report" I think the synchronize_net call in ipv6_mc_down is not needed...
CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
Devolutions Server security vulnerability
Devolutions Server is an application from Devolutions Canada that provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2022.3.13 and prior versions that originates from a privilege bypass when importing or synchronizin...
Important: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...