1530 matches found
CVE-2022-49297
In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca 884 "echo 0...
CVE-2022-49167
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfslookupbiosums. Turns out the compression path will complete the bio we use if we set up any ...
DEBIAN-CVE-2022-49167
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfslookupbiosums. Turns out the compression path will complete the bio we use if we set up any ...
UBUNTU-CVE-2022-49167
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfslookupbiosums. Turns out the compression path will complete the bio we use if we set up any ...
CVE-2022-49685
CVE-2022-49685 affects the Linux kernel in the iio: trigger: sysfs path, where a use-after-free occurs in irq_work_run_list when removing a trigger. The advisory states the fix is to ensure that irq_work has completed before the trigger is freed, mitigating a use-after-free in the kernel’s IIO sy...
CVE-2022-49685 iio: trigger: sysfs: fix use-after-free on remove
In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...
CVE-2022-49685 iio: trigger: sysfs: fix use-after-free on remove
In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...
CVE-2022-49536 scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: nativequeuedspinlockslowpath+0x192 rawspinlockirqsave+0x32 lpfchandlefcperr+0x4...
CVE-2022-49536
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: nativequeuedspinlockslowpath+0x192 rawspinlockirqsave+0x32 lpfchandlefcperr+0x4...
CVE-2022-49534 scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...
CVE-2022-49297 nbd: fix io hung while disconnecting device
In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca 884 "echo 0...
CVE-2022-49217 scsi: pm8001: Fix abort all task initialization
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xxsendabortall, the nelem field of the ccb used is not initialized to 0. This missing initialization sometimes lead to the task completion path seeing the ccb with a non-zero...
CVE-2022-49167
The CVE-2022-49167 entry concerns a Linux kernel issue in btrfs where the compression path could cause a bio to be completed twice on error. The connected documents describe the root cause as the path that handles compressed reads potentially ending the bio both in the compression path and again ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from ignoring multiple connection completion events, which could lead to memory corruption...
Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2025-849)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-849 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that...
UBUNTU-CVE-2023-52926
In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when read i/o returned 0 except for -EAGAIN and -EIOCBQUEUED return. This can lead to a potential use-after-free when the completion via iorwdone runs at separate...
OESA-2025-1160 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command...
OESA-2025-1159 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command...
Important: emacs
Issue Overview: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs ...
SUSE CVE-2023-52903
In the Linux kernel, the following vulnerability has been resolved: iouring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at iouring/iouring.c:734 iocqringeventoverflow+0x1c0/0x230 iouring/iouring.c:734 CPU: 0 PID: 28 Comm:...