239 matches found
AZL-55615 CVE-2024-53210 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSGPEEK causes memory leak in iucvsockdestruct Passing MSGPEEK flag to skbrecvdatagram increments skb refcount skb-users and iucvsockrecvmsg does not decrement skb refcount at exit. This results in skb memory leak in...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak problem caused by MSGPEEK in the s390/iucv subsystem...
kernel: s390/qeth: Fix kernel panic after setting hsuid
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
The vulnerabilities of the s390/cio components of Linux kernel, which allow a hacker to trigger a service failure
The vulnerability of the s390/cio components of the Linux operating system’s kernel is related to errors in reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerabilities of the s390/dasd components of the Linux operating system’s kernel, which allow a hacker to trigger a service failure
The vulnerability of the s390/dasd components in the Linux operating system’s kernel is related to incorrect calculations in the dasdgenericsetonline function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerabilities of the s390/cio components of Linux kernel, which allow a hacker to trigger a service failure
The vulnerability of the s390/cio component of the Linux operating system’s kernel is related to the state of the ccwdevicesetonline function. Exploiting this vulnerability can allow an attacker to gain increased privileges within the system...
The vulnerability of the `virt_to-phys` function in the S390 kernel of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the virtto-phys function in the S390 kernel of the Linux operating system is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
Security Bulletin: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795, CVE-2023-38709)
Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-24795 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by a flaw in multip...
SUSE CVE-2024-44969
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, ther...
DEBIAN-CVE-2024-45005
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
AZL-49881 CVE-2024-44969 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, ther...
s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()
...
kernel: KVM: s390: vsie: fix race during shadow creation
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap-private being zero in kvms390vsiegmapnotifier resulting in a crash. This is due to the fact that we add gmap-private == kvm after creation:...
AZL-47396 CVE-2024-42158 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfreesensitive to fix Coccinelle warnings Replace memzeroexplicit and kfree with kfreesensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfreesensitive/kvfreesensitive line 1506 WARNING...
DEBIAN-CVE-2024-42155
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a warning reported by Coccinelle in the s390/pkey module when using memzeroexplicit and kfree, which should ...
The vulnerability of the `copy_to_user` function in the s390 kernel of the Linux operating system allows a hacker to disclose protected information.
The vulnerability of the copytouser function in the s390 kernel of the Linux operating system is related to buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...
Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)
Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error...
UBUNTU-CVE-2024-38661
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modifybitmap A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a memory leak in the bpf, s390 module...