CVE-2022-48877

In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extenttree is not created This patch avoids the below panic. pc : lookupextenttree+0xd8/0x760 lr : f2fsdowritedatapage+0x104/0x87c sp : ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27:...

CVE-2022-48877 f2fs: let's avoid panic if extent_tree is not created

In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extenttree is not created This patch avoids the below panic. pc : lookupextenttree+0xd8/0x760 lr : f2fsdowritedatapage+0x104/0x87c sp : ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27:...

AZL-51847 CVE-2024-43841 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: wifi: virtwifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virtwifi has advertised, the cfg80211connectresult will trigger the warning: WARNONbssnotfound. T...

UBUNTU-CVE-2024-42281

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gsosize Linearize the skb when downgrading gsosize because it may trigger a BUGON later when the skb is segmented as described in 1,2...

UBUNTU-CVE-2024-42299

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Update log-pagemask,bits if log-pagesize changed If an NTFS file system is mounted to another system with different PAGESIZE from the original system, log-pagesize will change in logreplay, but log-pagemask,bits don't...

Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report

In the 2024 Cloud Web Application and API Protection WAAP CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...

kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs

In the Linux kernel, the following vulnerability has been resolved: net: core: reject skbcopyexpand for fraglist GSO skbs SKBGSOFRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skbcopy or skbcopyexpand, in order to prevent a crash on a...

kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop through schdirectxmit path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775...

SUSE CVE-2024-41063

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: cancel all works upon hciunregisterdev syzbot is reporting that calling hcireleasedev from hcierrorreset due to hcidevput from hcierrorreset can cause deadlock at destroyworkqueue, for hcierrorreset is called...

SUSE CVE-2024-42125

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband We have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz sband will be NULL even if it is WiFi 7 chip. So, add NULL handling here to avoid...

SUSE CVE-2024-42142

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independe...

CVE-2024-40833

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user...

kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release hbalock before calling lpfcworkerwakeup lpfcworkerwakeup calls the lpfcworkdone routine, which takes the hbalock. Thus, lpfcworkerwakeup should not be called while holding the hbalock to avoid potential deadlo...

SUSE CVE-2024-39305

Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be...

UBUNTU-CVE-2022-48773

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdmaepcreate If there are failures then we must not leave the non-NULL pointers with the error value, otherwise rpcrdmaepdestroy gets confused and tries free them, resulting in an...

DEBIAN-CVE-2024-40967

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the...

CVE-2024-40983

In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 "xfrm: Force a dst refcount before entering the xfrm type handlers": "Crypto requests might return asynchronous. In this case we leave the rcu...

CVE-2024-39468

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2findsmbtcon Unlock cifstcpseslock before calling cifsputsmbses to avoid such deadlock...

DEBIAN-CVE-2024-34030

In the Linux kernel, the following vulnerability has been resolved: PCI: ofproperty: Return error for intmap allocation failure Return -ENOMEM from ofpcipropintrmap if kcalloc fails to prevent a NULL pointer dereference in this case. bhelgaas: commit log...

UBUNTU-CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddpcomp with devmkcalloc In the case where connroutes is true we allocate an extra slot in the ddpcomp array but mtkdrmcrtccreate never seemed to initialize it in the test case I ran. For me, this caused a late...