13692 matches found
SUSE-SU-2024:3151-1 Security update for buildah
This update for buildah fixes the following issues: Update to version 1.35.4: Bump to Buildah v1.35.4 CVE-2024-3727 updates bsc1224117 integration test: handle new labels in 'bud and test --unsetlabel' Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3:...
SUSE CVE-2024-44992
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid possible NULL dereference in cifsfreesubrequest Clang static checker scan-build warning: cifsglob.h:line 890, column 3 Access to field 'ops' results in a dereference of a null pointer. Commit 519be989717c "cifs:...
CVE-2024-44992
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid possible NULL dereference in cifsfreesubrequest Clang static checker scan-build warning: cifsglob.h:line 890, column 3 Access to field 'ops' results in a dereference of a null pointer. Commit 519be989717c "cifs:...
CVE-2024-44978
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xeexecqueueput Free job depends on job-vm being valid, the last xeexecqueueput can destroy the VM. Prevent UAF by freeing job before xeexecqueueput. cherry picked from commit...
CVE-2024-44992
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid possible NULL dereference in cifsfreesubrequest Clang static checker scan-build warning: cifsglob.h:line 890, column 3 Access to field 'ops' results in a dereference of a null pointer. Commit 519be989717c "cifs:...
CVE-2024-44979
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xegtpagefault On driver reload we never free up the memory for the pagefault and access counter workqueues. Add those destroy calls here. cherry picked from commit...
CVE-2024-44992
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid possible NULL dereference in cifsfreesubrequest Clang static checker scan-build warning: cifsglob.h:line 890, column 3 Access to field 'ops' results in a dereference of a null pointer. Commit 519be989717c "cifs:...
CVE-2024-44992
CVE-2024-44992 affects the Linux kernel CIFS/SMB client. A NULL dereference could occur in add_credits() when rdata->credits.value != 0 and rdata->server == NULL, due to missing server pointer checks. The fix (commit 519be989717c) adds a guard for rdata->server to prevent dereferencing s...
CVE-2024-44987 ipv6: prevent UAF in ip6_send_skb()
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6sendskb syzbot reported an UAF in ip6sendskb 1 After ip6localout has returned, we no longer can safely dereference rt, unless we hold rcureadlock. A similar issue has been fixed in commit a688caa34beb "ipv...
CVE-2024-44979
CVE-2024-44979 affects the Linux kernel: drm/xe component (xe_gt_pagefault) mishandled workqueue destruction, leading to potential memory retention on driver reload. A fix was applied to destroy the pagefault and access-counter workqueues, cherry-picked from commit 7586fc52b14e0b8edd0d1f8a434e0de...
CVE-2024-44978 drm/xe: Free job before xe_exec_queue_put
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xeexecqueueput Free job depends on job-vm being valid, the last xeexecqueueput can destroy the VM. Prevent UAF by freeing job before xeexecqueueput. cherry picked from commit...
CVE-2024-44978 drm/xe: Free job before xe_exec_queue_put
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xeexecqueueput Free job depends on job-vm being valid, the last xeexecqueueput can destroy the VM. Prevent UAF by freeing job before xeexecqueueput. cherry picked from commit...
CVE-2024-44976 ata: pata_macio: Fix DMA table overflow
In the Linux kernel, the following vulnerability has been resolved: ata: patamacio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 "ata: patamacio: Fix maxsegmentsize with PAGESIZE == 64K". For example: kernel B...
CVE-2024-44951
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on...
FreeBSD-SA-24:14.umtx
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:14.umtx Security Advisory The FreeBSD Project Topic: umtx Kernel panic or Use-After-Free Category: core Module: kern Announced: 2024-09-04 Credits: Synacktiv...
The vulnerability of the ice component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ice component in the Linux operating system’s kernel is related to the rapid removal and execution of the VF Commit process. Exploiting this vulnerability can allow an attacker to cause a service failure...
GHSA-7PMH-VRWW-25XX freewvs's nested directory structure can interrupt scan
Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...
freewvs's nested directory structure can interrupt scan
Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...
CVE-2024-8235
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...
OESA-2024-2077 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we...