629 matches found
CVE-2024-42268 net/mlx5: Fix missing lock on sync reset reload
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload. On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlinkremotereloadactionsperforme...
CVE-2024-42266 btrfs: make cow_file_range_inline() honor locked_page on error
In the Linux kernel, the following vulnerability has been resolved: btrfs: make cow_file_range_inline() honor locked_page on error. The btrfs buffered write path runs through __extent_writepage() which has some tricky return value handling for writepage_delalloc(). Specifically, when that returns 1, we exit, bu...
ROS-20240815-07
A vulnerability in the GNU C Library's nscd nameserver caching daemon is related to returning a pointer outside the expected range. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the GNU C Library nscd nameserver caching daemon is...
SUSE CVE-2024-42118
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not return negative stream id for array. [WHY] resource_stream_to_stream_idx returns an array index and it returns -1 when not found; however, -1 is not a valid array index number. [HOW] When this happens, call ASSERT,...
CVE-2024-42117 drm/amd/display: ASSERT when failing to find index by plane/stream id
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id. [WHY] find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id return an array index and they return -1 when not found; however, -1 is not a valid index number. [HOW]...
CVE-2024-42117
CVE-2024-42117 affects the Linux kernel DRM/AMD display path. The root cause was that find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id could return -1 and that value was used as an index, causing overrun/negative-return conditions. The fix is to return a valid positive index or ta...
CVE-2024-41067
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly. [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT inside scrub_read_endio(): ASSERTsectornr nrsectors; Before that, we would have tree dump from...
GHSA-W5FC-GJ3H-26RX speaker vulnerable to Denial of Service
All versions of the package speaker are vulnerable to Denial of Service (DoS): providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash...
GHSA-VJPV-X8P9-7P85 images vulnerable to Denial of Service
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. Note: By providing some specific integer values like 0 to the size...
CVE-2024-21523
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. Note: By providing some specific integer values like 0 to the size...
CVE-2024-21526
All versions of the package speaker are vulnerable to Denial of Service (DoS): providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash...
PT-2024-18940 · Speaker · Speaker
Name of the Vulnerable Software and Affected Versions: speaker (affected versions not specified). Description: The issue is related to a Denial of Service (DoS) condition that can occur when the channels property of the Speaker object receives unexpected input types, leading to an assert macro being...
RUSTSEC-2024-0369 phonenumber: panic on parsing crafted phonenumber inputs
Impact: The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...