kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

A vulnerability was found in the cfg80211 component in the Linux kernel, where a lack of proper range validation applied to the NL80211ATTRTXQQUANTUM can lead to a scenario where the userspace passes an extremely high value that the kernel is not designed to handle efficiently ex. 2^31. This can...

kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu- results in a BUG when the config CONFIGHARDENEDUSERCOPY is enabled as shown below. kernel...

UBUNTU-CVE-2024-46792

In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory rawcopyto,fromuser do not call accessok, so this code allowed userspace to access any virtual memory address...

CVE-2024-46792 riscv: misaligned: Restrict user access to kernel memory

In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory rawcopyto,fromuser do not call accessok, so this code allowed userspace to access any virtual memory address...

CVE-2024-46792 riscv: misaligned: Restrict user access to kernel memory

In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory rawcopyto,fromuser do not call accessok, so this code allowed userspace to access any virtual memory address...

RHSA-2021:1804 Red Hat Security Advisory: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update

Bulletin has no description...

CVE-2024-27365

CVE-2024-27365 affects Samsung Mobile Processor Exynos family: Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, and Exynos W930. The root cause is missing input validation for a length value from userspace in the function slsi_rx_blockack_ind()...

PT-2024-21854 · Samsung · Exynos 1330 +8

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor, Wearable Processor Exynos versions Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930 Description: An issue was discovered in the function slsi rx scan...

CVE-2024-43110

The ctlrequestsense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note th...

CVE-2024-8178

The ctlwritebuffer and ctlreadbuffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which...

CVE-2024-32668

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, whic...

CVE-2024-45063

The function ctlwritebuffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process,...

CVE-2024-42416 Multiple issues in ctl(4) CAM Target Layer

The ctlreportsupportedopcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on...

CVE-2024-42416

CVE-2024-42416 affects FreeBSD ctl(4) CAM Target Layer: ctl_report_supported_opcodes did not properly validate a field from userspace, enabling an arbitrary write into limited kernel help memory. Impact: guest VMs using virtio_scsi can abuse this to execute code on the host bhyve process (root), ...

CVE-2024-41928

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve...

CVE-2024-41928

CVE-2024-41928 affects FreeBSD bhyve: a buffer overflow in the MMIO path when TPM passthrough is enabled can let malware in a guest VM execute code on the host bhyve process (usually running as root). The FreeBSD advisory SA-24:10.bhyve documents the issue, impact, and remediation, including upgr...

SUSE CVE-2024-44961

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before1, soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascadin...

CVE-2024-45008

In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at inputmtinitslots, for numslots is supplied from userspace using ioctlUIDEVCREATE. Since nobody knows possible max slots, this patch chose 1024...

CVE-2024-45008 Input: MT - limit max slots

In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at inputmtinitslots, for numslots is supplied from userspace using ioctlUIDEVCREATE. Since nobody knows possible max slots, this patch chose 1024...

CVE-2024-45008

In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at inputmtinitslots, for numslots is supplied from userspace using ioctlUIDEVCREATE. Since nobody knows possible max slots, this patch chose 1024...