CVE-2024-40908

In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp testrun callback syzbot reported crash when rawtp program executed through the testrun interface calls bpfgetattachcookie helper or any other helper that touches task-bpfctx pointer. Setting the run...

UBUNTU-CVE-2022-48848

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Do not unregister events twice Nicolas reported that using: trace-cmd record -e all -M 10 -p osnoise --poll Resulted in the following kernel warning: ------------ cut here ------------ WARNING: CPU: 0 PID: 1217 a...

CVE-2022-48780

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback...

DEBIAN-CVE-2022-48780

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback...

CVE-2022-48780

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback...

CVE-2022-48780 net/smc: Avoid overwriting the copies of clcsock callback functions

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback...

CVE-2022-48780

CVE-2022-48780 (Linux kernel) : The vulnerability in net/smc arises from overwriting clcsock callback function pointers during multiple fallbacks, which can create a loop: clcsk->sk_error_report → smc_fback_error_report → smc_fback_forward_wakeup → clcsock_callback overwritten → smc->clcsk_...

CVE-2022-48780 net/smc: Avoid overwriting the copies of clcsock callback functions

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback...

CVE-2022-48780 net/smc: Avoid overwriting the copies of clcsock callback functions

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback...

CVE-2024-39500

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

UBUNTU-CVE-2024-40925

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...

CVE-2024-40925 block: fix request.queuelist usage in flush

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...

CVE-2024-40908 bpf: Set run context for rawtp test_run callback

In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp testrun callback syzbot reported crash when rawtp program executed through the testrun interface calls bpfgetattachcookie helper or any other helper that touches task-bpfctx pointer. Setting the run...

CVE-2024-40908 bpf: Set run context for rawtp test_run callback

In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp testrun callback syzbot reported crash when rawtp program executed through the testrun interface calls bpfgetattachcookie helper or any other helper that touches task-bpfctx pointer. Setting the run...

CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

CVE-2024-0619

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the paymentcallback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

Malicious code in sap-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f0b91bc0b188eccdbfa45b832c2b83829cf849c65f51d2c5cb8c9896a210cb5e The OpenSSF Package Analysis project identified 'sap-callback' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

CVE-2024-39491 ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of csdsp instance The csdsp instance is initialized in the driver probe so it should be freed in the driver remove. Also fix a missing call to csdspremove in the error path of cs35l56hdacommonprob...

CVE-2024-39491 ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of csdsp instance The csdsp instance is initialized in the driver probe so it should be freed in the driver remove. Also fix a missing call to csdspremove in the error path of cs35l56hdacommonprob...

SUSE CVE-2024-39484

In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using exit for the remove function results in the remove callback being discarded with CONFIGMMCDAVINCI=y. When such a device gets unbound e.g. using sysfs or...