1203 matches found
SUSE CVE-2024-41035
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...
Elliptic 安全漏洞
Elliptic is a library of fast elliptic curve ciphers in javascript by the individual developer Fedor Indutny. A security vulnerability exists in Elliptic version 6.5.6, which stems from a lack of checking whether the leading bits of r and s are zero, and thus an ECDSA signature extensibility issu...
CVE-2024-42102 Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wbdirtylimits, again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch...
DEBIAN-CVE-2024-41035
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...
UBUNTU-CVE-2024-41035
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...
CVE-2024-41035 USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...
CVE-2024-41035
CVE-2024-41035 (Linux kernel USB core) : A duplicate-endpoint bug in usbcore was caused by assuming bEndpointAddress reserved bits are always 0, making endpoint_is_duplicate() misclassify descriptors that share direction and endpoint number. The fix clears the reserved bits when parsing endpoint ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the assumption that reserved bits are always 0 when parsing endpoint descriptors, which could lead to incorrectl...
AZL-43708 CVE-2024-34703 affecting package botan2 2.14.0-2
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...
CVE-2024-34703
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...
UBUNTU-CVE-2024-36244
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time...
OESA-2024-1737 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client...
New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...
kernel: mtd: require write permissions for locking and badblock ioctls
A flaw was found in the Linux Kernel, requiring write permissions for locking and badblock ioctls, as they modify protection bits...
kernel: mtd: require write permissions for locking and badblock ioctls
A flaw was found in the Linux Kernel, requiring write permissions for locking and badblock ioctls, as they modify protection bits...
CVE-2024-36964
In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set among others the suid bit. This was presumably not the intent since the unix extende...
SUSE CVE-2024-36943
In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: fix loss of young/dirty bits during pagemap scan makeuffdwppte was previously doing: pte = ptepgetptep; ptepmodifyprotstartptep; pte = ptemkuffdwppte; ptepmodifyprotcommitptep, pte; But if another thread accessed...
SUSE CVE-2024-36964
In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set among others the suid bit. This was presumably not the intent since the unix extende...
CVE-2024-36943
In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: fix loss of young/dirty bits during pagemap scan makeuffdwppte was previously doing: pte = ptepgetptep; ptepmodifyprotstartptep; pte = ptemkuffdwppte; ptepmodifyprotcommitptep, pte; But if another thread accessed...
DEBIAN-CVE-2024-36964
In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set among others the suid bit. This was presumably not the intent since the unix extende...