CVE-2024-49980 vrf: revert "vrf: Remove unnecessary RCU-bh critical section"

In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. devqueuexmit has the following: / Disable soft...

CVE-2024-49959 jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error

In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2cleanupjournaltail returns error In jbd2logwaitforspace, we might call jbd2cleanupjournaltail to recover some journal space. But if an error occurs while executing jbd2cleanupjournaltail e.g....

CVE-2024-49959 jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error

In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2cleanupjournaltail returns error In jbd2logwaitforspace, we might call jbd2cleanupjournaltail to recover some journal space. But if an error occurs while executing jbd2cleanupjournaltail e.g....

CVE-2024-49901 drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msmgpu-pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 "drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails" where msmgpucleanup :...

CVE-2024-49880 ext4: fix off by one issue in alloc_flex_gd()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in allocflexgd Wesley reported an issue: ================================================================== EXT4-fs dm-5: resizing filesystem from 7168 to 786432 blocks ------------ cut here -----------...

CVE-2024-49880

The CVE-2024-49880 entry concerns an off-by-one in ext4 resizing logic (alloc_flex_gd) leading to a kernel BUG in resize operations (resize2fs) when resizing a filesystem. The vulnerability is addressed by a patch that removes the problematic +1 (and adds a WARN_ON_ONCE) to ensure flex_gd->res...

CVE-2024-49868 btrfs: fix a NULL pointer dereference when failed to start a new trasacntion

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion BUG Syzbot reported a NULL pointer dereference with the following crash: FAULTINJECTION: forcing a failure. starttransaction+0x830/0x1670...

CVE-2024-49868 btrfs: fix a NULL pointer dereference when failed to start a new trasacntion

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion BUG Syzbot reported a NULL pointer dereference with the following crash: FAULTINJECTION: forcing a failure. starttransaction+0x830/0x1670...

CVE-2024-49863 vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhostscsigetreq Since commit 3f8ca2e115e5 "vhost/scsi: Extract common handling code from control queue handler" a null pointer dereference bug can be triggered when guest sends an SCSI AN...

CVE-2024-49854 block, bfq: fix uaf for accessing waker_bfqq after splitting

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

CVE-2024-47711

In the Linux kernel, the following vulnerability has been resolved: afunix: Don't return OOB skb in manageoob. syzbot reported use-after-free in unixstreamrecvurg. 0 The scenario is 1. sendMSGOOB 2. recvMSGOOB - The consumed OOB remains in recv queue 3. sendMSGOOB 4. recv - manageoob returns the...

CVE-2024-47751

CVE-2024-47751 affects the Linux kernel PCI Kirin driver, where kirin_pcie_parse_port() could access beyond pcie->gpio_id_reset/MAX_PCI_SLOTS due to num_slots handling. The fix changes the condition to pcie->num_slots + 1 >= MAX_PCI_SLOTS and moves the increment of num_slots below the ch...

CVE-2024-47738

CVE-2024-47738 affects the Linux kernel’s wifi subsystem (mac80211). The vulnerability lies in handling rate masks for offchannel TX, where an incorrect rate mask could trigger a -EINVAL/unsupported rate warning. The advisory notes that the root cause was traced to a chain of commits, with the pr...

CVE-2024-47738 wifi: mac80211: don't use rate mask for offchannel TX either

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't use rate mask for offchannel TX either Like the commit ab9177d83c04 "wifi: mac80211: don't use rate mask for scanning", ignore incorrect settings to avoid no supported rate warning reported by syzbot. The...

CVE-2024-47694 IB/mlx5: Fix UMR pd cleanup on error flow of driver init

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix UMR pd cleanup on error flow of driver init The cited commit moves the pd allocation from function mlx5rumrresourcecleanup to a new function mlx5rumrcleanup. So the fix in commit 1 is broken. In error flow, will hit...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer reference issue in the commitplanesforstream function in the drm/amd/display component...

PT-2024-33854

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0+ Description: A problem was fixed in the Linux kernel involving a bug in the ext4 fast-commit replay path. This issue can be triggered with fstest generic/629 on a filesystem with the fast-commit feature...

CVE-2024-49400

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That...

PT-2024-33270 · Putongoj · Putongoj

Name of the Vulnerable Software and Affected Versions: PutongOJ versions prior to 2.1.0-beta.1 Description: PutongOJ is online judging software. Unprivileged users can escalate privileges by constructing requests, leading to unauthorized access and enabling users to perform admin-level operations...

DEBIAN-CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...