kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

kernel: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc,serdev: check percpuinitrwsem failure syzbot is reporting NULL pointer dereference at hciuartttyclose 1, for rcusyncenter is called without rcusyncinit due to hciuartttyopen ignoring percpuinitrwsem failure...

kernel: scsi: target: iscsit: Free cmds before session free

A use-after-free vulnerability was found in the Linux kernel's iSCSI target subsystem. When the Time2Retain timer expires and an iSCSI session is being cleaned up, commands from recovery entries are freed after the session has already been closed. This leads to a NULL pointer dereference or...

DEBIAN-CVE-2022-48662

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915gemcontext.link under ref protection i915perf assumes that it can use the i915gemcontext reference to protect its i915-gem.contexts.list iteration. However, this requires that we do not remove the...

CLSA-2024-1714066220 Fix CVE(s): CVE-2022-48624

SECURITY UPDATE: shell-quote filenames when invoking LESSCLOSE. - debian/patches/CVE-2022-48624.patch: Fix closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. - CVE-2022-48624...

CVE-2024-26923

CVE-2024-26923 is a Linux kernel vulnerability in AF_UNIX garbage collection. The race occurs when a GC pass enqueues an embryo that has a peer carrying SCM_RIGHTS, causing the inflight set to differ between passes. This can leave a dangling pointer in the gc_inflight_list and may lead to memory ...

SUSE CVE-2024-32650

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::completeio could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a closenotify message immediately after clienthello, the server's completeio will get in an infinite...

DEBIAN-CVE-2024-32650

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::completeio could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a closenotify message immediately after clienthello, the server's completeio will get in an infinite...

`rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

If a closenotify alert is received during a handshake, completeio does not terminate. Callers which do not call completeio are not affected. rustls-tokio and rustls-ffi do not call completeio and are not affected. rustls::Stream and rustls::StreamOwned types use completeio and are affected...

CLSA-2024-1713523278 less: Fix of CVE-2022-48624

CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...

SUSE CVE-2024-26831

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, handshakereqdestroytest1 started failing: Expected handshakereqdestroytest == req, but handshakereqdestroytest == 0000000000000000 req == 0000000060f99b40 not ok 11 reqdestroy...

PT-2024-24744

Name of the Vulnerable Software and Affected Versions rustls versions prior to 0.21.11 rustls versions prior to 0.22.4 rustls versions prior to 0.23.5 Description The rustls::ConnectionCommon::complete io function could fall into an infinite loop based on network input. When using a blocking rust...

Rustls 安全漏洞

Rustls is a modern TLS library in Rust open-sourced by Rustls. A security vulnerability exists in Rustls versions prior to 0.23.5, 0.22.4, and 0.21.11, which stems from an infinite loop in the server's completeio if a client sends a closenotify message immediately after clienthello when using a...

less: missing quoting of shell metacharacters in LESSCLOSE handling

A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...

DEBIAN-CVE-2024-26831

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, handshakereqdestroytest1 started failing: Expected handshakereqdestroytest == req, but handshakereqdestroytest == 0000000000000000 req == 0000000060f99b40 not ok 11 reqdestroy...

UBUNTU-CVE-2024-26831

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, handshakereqdestroytest1 started failing: Expected handshakereqdestroytest == req, but handshakereqdestroytest == 0000000000000000 req == 0000000060f99b40 not ok 11 reqdestroy...

CVE-2024-26831

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, handshakereqdestroytest1 started failing: Expected handshakereqdestroytest == req, but handshakereqdestroytest == 0000000000000000 req == 0000000060f99b40 not ok 11 reqdestroy...

CVE-2024-32522

Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1...

CVE-2024-32522

CVE-2024-32522 describes a Missing Authorization vulnerability in the Open Close WooCommerce Store plugin by Jaed Mosharraf & Pluginbazar Team. The vulnerability affects the Open Close WooCommerce Store plugin version range from n/a up to 4.9.1, per the initial description and RH Red Hat entry wh...

CVE-2024-32522 WordPress Open Close WooCommerce Store plugin <= 4.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1...