UBUNTU-CVE-2024-53218

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix race in concurrent f2fsstopgcthread In my test case, concurrent calls to f2fs shutdown report the following stack trace: Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 1...

SUSE CVE-2021-46921

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...

DEBIAN-CVE-2021-47351

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattrset|get and listxattr operations UBIFS may occur some problems with concurrent xattrset|get and listxattr operations, such as assertion failure, memory corruption, stale xattr value1. Fix it by...

UBUNTU-CVE-2021-47351

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattrset|get and listxattr operations UBIFS may occur some problems with concurrent xattrset|get and listxattr operations, such as assertion failure, memory corruption, stale xattr value1. Fix it by...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath CVE-2021-46921 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath CVE-2021-46921 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon...

UBUNTU-CVE-2023-52638

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by changing j1939sockslock to rwlock The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...

DEBIAN-CVE-2023-52493

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parsexferevent such that a callback given to client can potentially queu...

UBUNTU-CVE-2023-52493

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parsexferevent such that a callback given to client can potentially queu...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security flaw in the read lock and write lock of the channel...

CVE-2023-52493

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parsexferevent such that a callback given to client can potentially queu...

UBUNTU-CVE-2021-47041

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in statechange sk callback We are not changing anything in the TCP connection state so we should not take a writelock but rather a read lock. This caused a deadlock when running nvmet-tcp and...

CVE-2021-46921

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...

CVE-2021-46921

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...

CVE-2021-46921

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...

CVE-2021-46921

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...

DEBIAN-CVE-2021-46921

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 112, which stems from a Mozilla Maintenance Service write-lock bypass, where a local attacker can trick the Mozilla Maintenance...

SUSE CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...