PYSEC-2024-312

Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...

CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports

Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...

UBUNTU-CVE-2024-47669

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 "nilfs2: separate wait function from nilfssegctorwrite" was applied, the log writing function nilfssegctordoconstruct was able to issue...

CentOS 7 : kpatch-patch (RHSA-2020:0028)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0028 advisory. - Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to...

CLSA-2024-1727817758 Fix of 74 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2021-47188 - scsi: ufs: core: Improve SCSI abort handling CVE-url: https://ubuntu.com/security/CVE-2024-26677 - rxrpc: Fix delayed ACKs to not set the...

DEBIAN-CVE-2024-46817

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpudm initialize when stream nums greater than 6 Why Coverity reports OVERRUN warning. Should abort amdgpudm initialize. How Return failure to amdgpudminit...

DEBIAN-CVE-2024-46751

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUGON when 0 reference count at btrfslookupextentinfo Instead of doing a BUGON handle the error by returning -EUCLEAN, aborting the transaction and logging an error message...

DEBIAN-CVE-2024-46752

In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUGON with error handling at updaterefforcow Instead of a BUGON just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't ha...

UBUNTU-CVE-2024-46752

In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUGON with error handling at updaterefforcow Instead of a BUGON just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't ha...

CVE-2024-46751

CVE-2024-46751 affects the Linux kernel's BTRFS path btrfs_lookup_extent_info(), where a 0 reference count could trigger a BUG_ON(). The fix replaces BUG_ON() with returning -EUCLEAN, aborting the transaction, and logging an error. This is documented in Debian/Ubuntu advisories and included in pa...

libfluid 安全漏洞

libfluid is an Open Networking open source application. A security vulnerability exists in libfluid that stems from the fact that the fluidmsg::of10::Port: unpack routine contains an exception abort...

thunderbird: Crash when aborting verification of OTR chat

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash...

thunderbird: Crash when aborting verification of OTR chat

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash...

CVE-2024-46680

CVE-2024-46680 concerns the Linux kernel Bluetooth Bluetooth: btnxpuart driver crash during driver removal. The vulnerability arises when ps_wakeup() in btnxpuart_close() schedules work that is executed after the btnxpuart module is removed, leading to a kernel crash during repeated load/unload t...

scsi: ufs: core: Fix ufshcd_abort_one racing issue

...

DEBIAN-CVE-2024-8394

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird 128.2...

SUSE CVE-2024-44963

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUGON when freeing tree block after error When freeing a tree block, at btrfsfreetreeblock, if we fail to create a delayed reference we don't deal with the error and just do a BUGON. The error most likely to happen ...

AZL-49953 CVE-2024-44963 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUGON when freeing tree block after error When freeing a tree block, at btrfsfreetreeblock, if we fail to create a delayed reference we don't deal with the error and just do a BUGON. The error most likely to happen ...

DEBIAN-CVE-2024-44963

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUGON when freeing tree block after error When freeing a tree block, at btrfsfreetreeblock, if we fail to create a delayed reference we don't deal with the error and just do a BUGON. The error most likely to happen ...

AZL-49924 CVE-2024-44963 affecting package kernel for versions less than 6.6.64.2-9

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUGON when freeing tree block after error When freeing a tree block, at btrfsfreetreeblock, if we fail to create a delayed reference we don't deal with the error and just do a BUGON. The error most likely to happen ...