Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching...

kernel: bonding: stop the device in bond_setup_by_slave()

In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bondsetupbyslave Commit 9eed321cde22 "net: lapbether: only support ethernet devices" has been able to keep syzbot away from net/lapb, until today. In the following splat 1, the issue is that a lapbethe...

AZL-47624 CVE-2024-42232 affecting package kernel for versions less than 5.15.164.1-1

In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayedwork and cephmoncstop The way the delayed work is handled in cephmoncstop is prone to races with monfault and possibly also finishhunting. Both of these can requeue the delayed work which wouldn't...

DEBIAN-CVE-2024-42232

In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayedwork and cephmoncstop The way the delayed work is handled in cephmoncstop is prone to races with monfault and possibly also finishhunting. Both of these can requeue the delayed work which wouldn't...

UBUNTU-CVE-2024-42232

In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayedwork and cephmoncstop The way the delayed work is handled in cephmoncstop is prone to races with monfault and possibly also finishhunting. Both of these can requeue the delayed work which wouldn't...

SUSE CVE-2024-41020

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 "filelock: Remove locks reliably when fcntl/close race is detected", I missed that there are two copies of the code I was patching: The normal...

SUSE CVE-2024-41957

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

SUSE CVE-2024-42075

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arenavmclose...

DEBIAN-CVE-2024-41957

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

AZL-47340 CVE-2024-41957 affecting package vim for versions less than 9.0.2121-4

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVE-2024-41020

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 "filelock: Remove locks reliably when fcntl/close race is detected", I missed that there are two copies of the code I was patching: The normal...

AZL-47065 CVE-2024-42075 affecting package kernel for versions less than 5.15.162.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arenavmclose...

UBUNTU-CVE-2024-42075

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arenavmclose...

UBUNTU-CVE-2024-41020

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 "filelock: Remove locks reliably when fcntl/close race is detected", I missed that there are two copies of the code I was patching: The normal...

CVE-2024-41020 filelock: Fix fcntl/close race recovery compat path

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 "filelock: Remove locks reliably when fcntl/close race is detected", I missed that there are two copies of the code I was patching: The normal...

CVE-2024-41020 filelock: Fix fcntl/close race recovery compat path

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 "filelock: Remove locks reliably when fcntl/close race is detected", I missed that there are two copies of the code I was patching: The normal...

CVE-2024-41020

CVE-2024-41020 (Linux kernel) is addressed in IBM Storage Scale bulletin as part of a broader set of kernel fixes. The entry notes a filelock race involving fcntl/close that was backported to the compat path for 32-bit kernels, mirroring an earlier patch for the normal path. The connected IBM bul...

WordPress One Click Close Comments plugin <= 2.7.1 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin One Click Close Comments versions = 2.7.1...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a race condition between closing a socket and receiving a callback because the former releases the socket and th...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mremap operation not being accounted for in the bpf arena logic, which requires reference counts to be add...