CVE-2024-57923 btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path

In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix availin bytes for s390 zlib HW compression path Since the input data length passed to zlibcompressfolios can be arbitrary, always setting strm.availin to a multiple of PAGESIZE may cause read-in bytes to exceed t...

CVE-2024-6352

A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert...

CVE-2024-57806

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas Set squota incompat bit before committing the transaction that enables the feature. With the config CONFIGBTRFSASSERT enabled, an assertion failure occurs regarding...

PT-2025-3866

Name of the Vulnerable Software and Affected Versions GNU C Library versions 2.13 through 2.40 Description The issue is related to the assert function in the GNU C Library, which fails to allocate sufficient space for the assertion failure message string and size information. This may lead to a...

PT-2025-54615

Insufficient epoch key slot processing in OpenVPN 2.7 alpha1 through 2.7 rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

DEBIAN-CVE-2024-56635

In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in defaultoperstate syzbot reported an UAF in defaultoperstate 1 Issue is a race between device and netns dismantles. After calling rtnlunlock from netdevruntodo, we can not assume the netns of each devic...

CVE-2024-56635 net: avoid potential UAF in default_operstate()

In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in defaultoperstate syzbot reported an UAF in defaultoperstate 1 Issue is a race between device and netns dismantles. After calling rtnlunlock from netdevruntodo, we can not assume the netns of each devic...

CVE-2024-56635 net: avoid potential UAF in default_operstate()

In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in defaultoperstate syzbot reported an UAF in defaultoperstate 1 Issue is a race between device and netns dismantles. After calling rtnlunlock from netdevruntodo, we can not assume the netns of each devic...

Malicious code in id-assert-authz-grant-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17fc73e5465b1055fbe2c1e33fd53d7b12d3ba44276ed9b4bdd77537d89dba51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-20139

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600...

CVE-2024-20139

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600...

SUSE CVE-2024-46866

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in showmeminfo bomeminfo wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab...

CVE-2024-46811

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpuupdatebwboundingbox Why Coverity reports OVERRUN warning. soc.numstates could be 40. But array range of bwparams-clktable.entries is 8. How Assert if soc.numstates great...

CVE-2024-46811

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpuupdatebwboundingbox Why Coverity reports OVERRUN warning. soc.numstates could be 40. But array range of bwparams-clktable.entries is 8. How Assert if soc.numstates great...

UBUNTU-CVE-2024-46866

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in showmeminfo bomeminfo wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab...

CVE-2024-46811 drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpuupdatebwboundingbox Why Coverity reports OVERRUN warning. soc.numstates could be 40. But array range of bwparams-clktable.entries is 8. How Assert if soc.numstates great...

ROS-20240923-02

Vulnerability of ANGLE library in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...

CVE-2024-42268

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlinkremotereloadactionsperforme...

CVE-2024-42268

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlinkremotereloadactionsperforme...

CVE-2024-42268

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlinkremotereloadactionsperforme...