1000 matches found
CVE-2024-39281 Unbounded allocation in ctl(4) CAM Target Layer
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator...
kernel: hsr: Fix uninit-value access in hsr_get_node()
In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node() KMSAN reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:2...
kernel: dax: Fix dax_mapping_release() use after free
A use-after-free vulnerability was found in the Linux kernel's device-dax subsystem during mapping object cleanup. When removing a dax region provider, the child dax_mapping objects attempt to free their ID allocator after the parent dev_dax object has already been released. This causes ida_free() to...
kernel: zsmalloc: move LRU update from zs_map_object() to zs_malloc()
A flaw was found in the Linux kernel zsmalloc memory allocator. Under certain memory pressure and reclaim conditions, zsmalloc updated its LRU lists in an unsafe context, which could lead to list corruption due to a race between object mapping and allocation paths. A local user able to trigger...
kernel: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
A warning was observed in the Linux kernel in hci_conn_del() caused by freeing a handle that was not allocated using the ida allocator. This is caused by a handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes the code think it's an unset connection...
FreeBSD Security Vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD that stems from allowing a caller to specify an arbitrary size passed to the kernel memory allocator...
SUSE CVE-2024-50253
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new() Check the validity of nr_words in bpf_iter_bits_new(). Without this check, when multiplication overflow occurs for nr_bits e.g., when nr_words = 0x0400-0001, nr_bits becomes 64, stack...
DEBIAN-CVE-2024-50253
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new() Check the validity of nr_words in bpf_iter_bits_new(). Without this check, when multiplication overflow occurs for nr_bits e.g., when nr_words = 0x0400-0001, nr_bits becomes 64, stack...
UBUNTU-CVE-2024-50253
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new() Check the validity of nr_words in bpf_iter_bits_new(). Without this check, when multiplication overflow occurs for nr_bits e.g., when nr_words = 0x0400-0001, nr_bits becomes 64, stack...
CVE-2024-50253 bpf: Check the validity of nr_words in bpf_iter_bits_new()
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new() Check the validity of nr_words in bpf_iter_bits_new(). Without this check, when multiplication overflow occurs for nr_bits e.g., when nr_words = 0x0400-0001, nr_bits becomes 64, stack...
CVE-2024-50253
In CVE-2024-50253, the Linux kernel fixes a memory-allocator bug in the BPF subsystem: nr_words can overflow nr_bits in bpf_iter_bits_new(), risking stack corruption via bpf_probe_read_kernel_common when nr_words is large (e.g., 0x0400-0001). The patch constrains nr_words to a maximum of 511 and ...
dma-buf: heaps: Fix off-by-one in CMA heap fault handler
...
Google Pixel Memory Misreference Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a memory misreference vulnerability that originates from a reuse after release in lwis_allocator_free in lwis_allocator.c, which can be exploited by an attacker to cause memory corruption...
Fortinet Fortigate Integer overflow in SSLVPN allocator (FG-IR-21-049)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-049 advisory. - An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an...
CVE-2024-47033
In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-32361 · Google · Android +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to a possible memory corruption due to a use after free in the lwis allocator free function of lwis allocator.c. This could lead to local escalation of privileg...
Google Pixel Security Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a memory misreference vulnerability that originates from a reuse after release in lwis_allocator_free in lwis_allocator.c, which can be exploited by an attacker to cause memory corruption...
SUSE CVE-2024-49885
In the Linux kernel, the following vulnerability has been resolved: mm, slub: avoid zeroing kmalloc redzone Since commit 946fa0dbf2d8 "mm/slub: extend redzone check to extra allocated kmalloc space than requested", setting orig_size treats the wasted space (object_size - orig_size) as a redzone. Howev...
DEBIAN-CVE-2024-49885
In the Linux kernel, the following vulnerability has been resolved: mm, slub: avoid zeroing kmalloc redzone Since commit 946fa0dbf2d8 "mm/slub: extend redzone check to extra allocated kmalloc space than requested", setting orig_size treats the wasted space (object_size - orig_size) as a redzone. Howev...