kernel: tls: race between tx work scheduling and socket close
A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete, which could lead to undefined behavior and a denial of service...
DEBIAN-CVE-2024-40987
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry...
DEBIAN-CVE-2024-40988
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry...
UBUNTU-CVE-2024-40987
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry...
UBUNTU-CVE-2024-40988
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an out-of-bounds memory access warning with undefined behavior in the drm/radeon component in kv_dpm.c...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a UBSAN warning in the drm/amdgpu component in kv_dpm.c. The vulnerability is caused by the presence of a...
RUSTSEC-2024-0442 Dump Undefined Memory by `JitDumpFile`
The unsound function `dump_code_load_record` uses `from_raw_parts` to directly convert the pointer `addr` and `len` into a slice without any validation and that memory block would be dumped. Thus, the 'safe' function `dump_code_load_record` is actually 'unsafe' since it requires the caller to guarantee that the ad...
SUSE CVE-2024-39478
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
CVE-2024-39478
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
DEBIAN-CVE-2024-39478
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
DEBIAN-CVE-2024-39482
In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btree_iter btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the...
UBUNTU-CVE-2024-39478
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the indexing of arrays beyond the bounds of dynamically sized iterators, leading to UBSAN complaints...
DEBIAN-CVE-2024-39461
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 "clk: Annotate struct clk_hw_onecell_data with __counted_by" annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer...
SUSE CVE-2024-38540
In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case,...
CVE-2024-38540
In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case,...
DEBIAN-CVE-2024-38540
In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case,...
AZL-59408 CVE-2024-38540 affecting package kernel for versions less than 5.15.182.1-1
In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case,...