SUSE CVE-2024-47727

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handlemmio function checks if the VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can...

CVE-2024-47727

A flaw was found in the Linux kernel. Userspace can deceive the kernel into performing MMIO Memory-Mapped IO operations in TDX Trust Domain Extensions on its behalf, allowing a VE Virtualization Exception to be incorrectly handled as a in-kernel MMIO operation. Mitigation Mitigation for this issu...

CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

CVE-2024-47727

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handlemmio function checks if the VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can...

DEBIAN-CVE-2024-47719

In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN overflows which corrupts the selected area range during...

CVE-2024-47716

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

CVE-2024-47742

CVE-2024-47742 : Linux kernel firmware_loader path traversal vulnerability. Several code paths construct firmware filenames from device or userspace data (e.g., lpfc_sli4_request_firmware_update, nfp_net_fw_find, module_flash_fw_schedule). The issue arises when dynamic firmware names can include ...

CVE-2024-47727

CVE-2024-47727 is a Linux kernel issue (x86/tdx) where userspace could trick the kernel into performing MMIO via #VE by pointing a syscall at an MMIO address. The root cause was the in-kernel MMIO check in handle_mmio() not guaranteeing the target MMIO address was within the kernel before decodin...

CVE-2024-47727 x86/tdx: Fix "in-kernel MMIO" check

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handlemmio function checks if the VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can...

CVE-2024-47727 x86/tdx: Fix "in-kernel MMIO" check

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handlemmio function checks if the VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can...

CVE-2024-47716 ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

CVE-2024-47716 ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

[SECURITY] Fedora 41 Update: kernel-headers-6.11.3-300.fc41

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

CVE-2024-21455

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver...

CVE-2024-23374

CVE-2024-23374 affects Qualcomm chipsets with a haptics subsystem that exposes a haptics debugfs file. The vulnerability allows memory corruption when a userspace or console process writes a haptics pattern to the debugfs file, caused by the underlying memory handling. CVSS details indicate a LOC...

CVE-2024-21455 Untrusted Pointer Dereference in DSP Service

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver...

PT-2024-19850 · Qualcomm · Snapdragon +25

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. This...

PT-2024-18880 · Qualcomm · Snapdragon +19

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. This can lead to...

kernel: scsi: qedf: Ensure the copied buf is NUL terminated

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is...