CVE-2024-34475

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmmstateauthentication in amf/gmm-sm.c for != OGSERROR...

CVE-2024-34476

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogsnasencrypt in lib/nas/common/security.c for pkbuf-len...

SUSE CVE-2024-27069

In the Linux kernel, the following vulnerability has been resolved: ovl: relax WARNON in ovlverifyarea syzbot hit an assertion in copy up data loop which looks like it is the result of a lower file whose size is being changed underneath overlayfs. This type of use case is documented to cause...

CVE-2024-34476

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogsnasencrypt in lib/nas/common/security.c for pkbuf-len...

CVE-2024-34476

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogsnasencrypt in lib/nas/common/security.c for pkbuf-len...

PT-2024-25927 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5GS versions prior to 2.7.1 Description: The issue is related to a reachable assertion that can cause an AMF crash via NAS messages from a UE. This occurs due to improper handling of the pkbuf-len variable in the ogs nas encrypt function...

CVE-2024-34476

Open5GS before 2.7.1 is affected by CVE-2024-34476 due to a reachable assertion in ogs_nas_encrypt (lib/nas/common/security.c) when processing NAS messages from a UE, related to pkbuf->len. This can cause an AMF crash. Evidence across multiple sources confirms the affected software and the und...

CVE-2024-34475

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmmstateauthentication in amf/gmm-sm.c for != OGSERROR...

GLSA-202405-02 : ImageMagick: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-02 ImageMagick: Multiple Vulnerabilities - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system...

SUSE CVE-2024-26937

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

CVE-2024-27069 ovl: relax WARN_ON in ovl_verify_area()

In the Linux kernel, the following vulnerability has been resolved: ovl: relax WARNON in ovlverifyarea syzbot hit an assertion in copy up data loop which looks like it is the result of a lower file whose size is being changed underneath overlayfs. This type of use case is documented to cause...

CVE-2024-27069

CVE-2024-27069 affects the Linux kernel overlayfs ovl_verify_area path. The issue was a WARN_ON assertion triggered by syzbot’s copy-up loop when a lower file’s size changes underneath overlayfs. The documented fix relaxes the WARN_ON in ovl_verify_area and aligns error handling (returning EIO fo...

CVE-2024-27069 ovl: relax WARN_ON in ovl_verify_area()

In the Linux kernel, the following vulnerability has been resolved: ovl: relax WARNON in ovlverifyarea syzbot hit an assertion in copy up data loop which looks like it is the result of a lower file whose size is being changed underneath overlayfs. This type of use case is documented to cause...

CVE-2024-27069

In the Linux kernel, the following vulnerability has been resolved: ovl: relax WARNON in ovlverifyarea syzbot hit an assertion in copy up data loop which looks like it is the result of a lower file whose size is being changed underneath overlayfs. This type of use case is documented to cause...

CVE-2024-26937 drm/i915/gt: Reset queue_priority_hint on parking

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution

A flaw was found in the bind package. This issue may allow an attacker to query in a DNS64 enabled resolver node with a domain name triggering a server-stale data, triggering a code assertion, and resulting in a crash of named processes. This can allow a remote unauthenticated user to cause a...

bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled

A flaw was found in the bind package which may result in a Denial of Service in named process. This is a result of a reachable assertion, leading named to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR...

avahi: Reachable assertion in dbus_set_host_name

A vulnerability was found in Avahi. A reachable assertion exists in the dbussethostname function...

avahi: Reachable assertion in avahi_alternative_host_name

A vulnerability was found in Avahi. A reachable assertion exists in the avahialternativehostname function...