259 matches found
CVE-2022-49062
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefilessetvolumexattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in...
CVE-2022-49062 cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefilessetvolumexattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in...
CVE-2022-49062
The CVE-2022-49062 issue affects the Linux kernel component cachefiles, specifically a KASAN slab-out-of-bounds in cachefiles_set_volume_xattr. The bug arose when the code did not use the actual length of volume coherency data while setting the xattr, leading to an out-of-bounds write (noted in K...
CVE-2022-49062 cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefilessetvolumexattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in...
CVE-2022-49062 cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefilessetvolumexattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from cachefilessetvolumexattr not properly using the actual length of the volume consistency data, which could le...
The vulnerability of the `cachefiles_ondemand_clean_object()` function (fs/cachefiles/ondemand.c) in the Linux kernel allows a malicious actor to exploit their privileges.
The vulnerability of the cachefilesondemandcleanobject function fs/cachefiles/ondemand.c in the Linux kernel is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the `cachefiles_ondemand_send_req()` function (fs/cachefiles/ondemand.c) in the Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the cachefilesondemandsendreq function fs/cachefiles/ondemand.c in the Linux kernel is related to incorrect resource locking. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the cachefiles component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the cachefiles component in the Linux operating system’s kernel is related to improper locking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: A consistency check has been added for copen/cread operations. This prevents malicious processes from executing random copen/cread requests, which could potentially crash the system. The added checks are as follows...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: All requests are flushed after setting CACHEFILESDEAD. In ondemand mode, when the daemon is processing an open request, if the kernel marks the cache as CACHEFILESDEAD, the cachefilesdaemonwrite function will always...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Cyclic allocation of msgid to avoid reuse. Reusing the msgid after a maliciously completed reopen request may cause a read request to remain unprocessed, resulting in a hung task, as shown below: t1 | t2 | t3...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fixed the slab-use-after-free issue in cachefileswithdrawcookie We encountered the following issue during our fault injection stress test: ================================================================== BUG: KASAN:...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: fixed a slab-use-after-free in fscachewithdrawvolume We encountered the following issue during our fault injection stress test: ================================================================== BUG: KASAN:...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set the object to close if ondemandid 0 in copen. If copen is called maliciously in user mode, it may delete the request corresponding to the random ID. Moreover, the request may not have been read yet...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “cachefiles”: requests are removed from xarray during flushing of requests. Even when the CACHEFILESDEAD flag is set, we can still read the requests. Therefore, in concurrent scenarios, a request may be accessed after it has been...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: schmultiq: fix possible OOB write in multiqtune CVE-2024-36978 In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-40921: net: bridge: mst: pass vlan group directly to brmstvlansetstate bsc1227784. CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in brmstsetstate bsc1227781...
Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-40921: net: bridge: mst: pass vlan group directly to brmstvlansetstate bsc1227784. CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in brmstsetstate bsc1227781...