Gogs 操作系统命令注入漏洞

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. An operating system command injection vulnerability exists in Gogs 0.12....

kernel: tty: serial: Fix refcount leak bug in ucc_uart.c

In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in uccuart.c In socinfo, offindnodebytype will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...

kernel: clk: Get runtime PM before walking tree for clk_summary

In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clksummary The Linux kernel CVE team has assigned CVE-2024-27003 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050146-CVE-2024-27003-c862@gregkh/T...

kernel: maple_tree: fix mas_empty_area_rev() null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: mapletree: fix masemptyarearev null pointer dereference Currently the code calls masstart followed by masdataend if the maple state is MASTART, but masstart may return with the maple state node == NULL. This will lead to a null...

kernel: thermal: of: fix double-free on unregistration

A flaw was found in the Linux kernel's thermal subsystem. A double-free vulnerability occurs during thermal zone device unregistration when using device tree OF bindings. The thermalofzoneregister function leaks the original tzp structure and double-frees the internal copy, which can lead to memo...

kernel: nommu: fix memory leak in do_mmap() error path

In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in dommap error path The preallocation of the maple tree nodes may leak if the error path to "errorjustfree" is taken. Fix this by moving the freeing of the maple tree nodes to a shared location for all err...

kernel: HID: i2c-hid-of: fix NULL-deref on failed power up

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid-of: fix NULL-deref on failed power up A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures...

kernel: lib/generic-radix-tree.c: Don't overflow in peek()

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the rad...

kernel: of: fdt: fix off-by-one error in unflatten_dt_nodes()

In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflattendtnodes The Linux kernel CVE team has assigned CVE-2022-48672 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48672-b6d9@gregkh/T...

CVE-2024-49958

...

UBUNTU-CVE-2024-50263

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 "fork: use mtdup to duplicate maple tree in dupmma...

CVE-2024-50263 fork: only invoke khugepaged, ksm hooks if no error

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 "fork: use mtdup to duplicate maple tree in dupmma...

CVE-2024-50225

CVE-2024-50225 focuses on the Linux kernel, specifically the Btrfs file system. The vulnerability arises in error propagation for split bios via btrfs_bbio_propagate_error(), which is intended to propagate an error from a split bio back to the original btrfs_bio and inform the upper layer. Under ...

CVE-2024-50225 btrfs: fix error propagation of split bios

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix error propagation of split bios The purpose of btrfsbbiopropagateerror shall be propagating an error of split bio to its original btrfsbio, and tell the error to the upper layer. However, it's not working well on some...

SUSE CVE-2024-50200

In the Linux kernel, the following vulnerability has been resolved: mapletree: correct tree corruption on spanning store Patch series "mapletree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence sinc...

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

WordPress I Plant A Tree plugin <= 1.7.4 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin I Plant A Tree versions = 1.7.4...

CVE-2024-50200

In the Linux kernel, the following vulnerability has been resolved: mapletree: correct tree corruption on spanning store Patch series "mapletree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence sinc...

DEBIAN-CVE-2024-50200

In the Linux kernel, the following vulnerability has been resolved: mapletree: correct tree corruption on spanning store Patch series "mapletree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence sinc...