
3975 matches found

OSV
added 2024/05/21 4:15 p.m. | 0 views

UBUNTU-CVE-2022-48707

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder. Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driv...

5.5 CVSS | 5.7 AI score | 0.00107 EPSS
Exploits 0 | References 5
CVE
added 2024/05/21 3:31 p.m. | 144 views

CVE-2023-52859

CVE-2023-52859 affects the Linux kernel perf: hisi uncore PMU registration. A use-after-free can occur when the PMU register path fails and the uncore PMU offline callback is invoked, potentially migrating the PMU context. The fix replaces cpuhp_state_remove_instance() with cpuhp_state_remove_ins...

7.8 CVSS | 6.9 AI score | 0.00022 EPSS
Exploits 0 | References 5 | Affected Software 1
CVE
added 2024/05/21 3:22 p.m. | 69 views

CVE-2022-48707

CVE-2022-48707 (Linux kernel, cxl/region): The issue arises when destroying a region that includes a host bridge with a single root port and a decoupled HDM/CXL device, where the region driver creates a special pass-through decoder without a commit/reset callback. Before the fix, the ->reset(...

5.5 CVSS | 6.7 AI score | 0.00107 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2024/05/21 3:15 p.m. | 11 views

CVE-2021-47275

In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path. In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached_dev_cache_miss() will b...

5.5 CVSS | 6.4 AI score
Exploits 0 | References 2
OSV
added 2024/05/21 3:15 p.m. | 1 views

UBUNTU-CVE-2021-47402

In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect fl_walk() with rcu. Patch that refactored fl_walk() to use idr_for_each_entry_continue_ul() also removed rcu protection of individual filters which causes following use-after-free when filter is deleted concurrently...

7.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 0 | References 7
OSV
added 2024/05/21 2:33 p.m. | 12 views

GHSA-VR85-5PWX-C6GQ OMERO.web must check that the JSONP callback is a valid function

Background: There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite...

6.1 CVSS | 6.2 AI score | 0.00422 EPSS
Exploits 0 | References 4
Github Security Blog
added 2024/05/21 2:33 p.m. | 15 views

OMERO.web must check that the JSONP callback is a valid function

Background: There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite...

6.1 CVSS | 6.9 AI score | 0.00422 EPSS
Exploits 0 | References 4 | Affected Software 1
NVD
added 2024/05/21 1:15 p.m. | 10 views

CVE-2024-35180

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...

6.1 CVSS | 6.2 AI score | 0.00422 EPSS
Exploits 0 | References 2
Vulnrichment
added 2024/05/21 12:33 p.m. | 14 views

CVE-2024-35180 OMERO.web JSONP callback vulnerability

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...

6.1 CVSS | 6.7 AI score | 0.00422 EPSS
Exploits 0 | References 2
OSV
added 2024/05/21 12:33 p.m. | 22 views

CVE-2024-35180 OMERO.web JSONP callback vulnerability

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...

6.1 CVSS | 6.2 AI score | 0.00422 EPSS
Exploits 0 | References 4
Cvelist
added 2024/05/21 12:33 p.m. | 12 views

CVE-2024-35180 OMERO.web JSONP callback vulnerability

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...

6.1 CVSS | 6.2 AI score | 0.00422 EPSS
Exploits 0 | References 2
CVE
added 2024/05/21 12:33 p.m. | 56 views

CVE-2024-35180

CVE-2024-35180 affects OMERO.web and arises from lack of escaping/validation of the JSONP callback parameter on endpoints with JSONP enabled. The vulnerability can be triggered via the callback parameter used by JSONP-enabled endpoints (e.g., webclient/imgData/...); this issue existed in OMERO.we...

6.1 CVSS | 6.2 AI score | 0.00422 EPSS
Exploits 0 | References 2 | Affected Software 1
SUSE CVE
added 2024/05/21 1:58 a.m. | 0 views

SUSE CVE-2024-35989

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms. During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid...

5.5 CVSS | 6.4 AI score | 0.00016 EPSS
Exploits 0 | References 18
CNNVD
added 2024/05/21 12:0 a.m. | 2 views

OMERO.web security vulnerability

OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web version 5.25.0 and earlier, which stems from the inability to escape or validate the callback parameter...

6.1 CVSS | 6.2 AI score | 0.00422 EPSS
Exploits 0 | References 3
NVD
added 2024/05/20 10:15 a.m. | 18 views

CVE-2024-35971

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang. The ks8851_irq() thread may call ks8851_rx_pkts() in case there are any packets in the MAC FIFO, which calls netif_rx(). This netif_rx() implementation is guarded by...

5.5 CVSS | 6.4 AI score | 0.00012 EPSS
Exploits 0 | References 6
OSV
added 2024/05/19 11:15 a.m. | 1 views

DEBIAN-CVE-2024-35929

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock(). For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended()...

7.8 CVSS | 5.6 AI score | 0.00006 EPSS
Exploits 0 | References 1
OSV
added 2024/05/19 11:15 a.m. | 2 views

UBUNTU-CVE-2024-35929

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock(). For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended()...

7.8 CVSS | 5.7 AI score | 0.00006 EPSS
Exploits 0 | References 10
RedhatCVE
added 2024/05/18 2:9 a.m. | 27 views

CVE-2023-52673

A vulnerability was found in the Linux kernel's drm/amd/display subsystem, specifically related to a null pointer dereference issue in debugfs. This issue could lead to a system crash or other unintended behavior when certain debugging features are used. Mitigation: Mitigation for this issue is...

5.5 CVSS | 8.8 AI score | 0.0002 EPSS
Exploits 0 | References 4
NVD
added 2024/05/17 2:15 p.m. | 16 views

CVE-2024-35809

In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal. A race condition between the .runtime_idle() callback and the .remove() callback in the rtsx_pcr PCI driver leads to a kernel crash due to an unhandled page fault [1]. The proble...

5.5 CVSS | 7.3 AI score | 0.00006 EPSS
Exploits 0 | References 11
OSV
added 2024/05/17 2:15 p.m. | 2 views

DEBIAN-CVE-2023-52673

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error. [WHY & HOW] Check whether get_subvp_en() callback exists before calling it...

5.5 CVSS | 5.6 AI score | 0.0002 EPSS
Exploits 0 | References 1