CVE-2024-53920

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to...

CVE-2024-53920

In GNU Emacs (elisp-mode.el) prior to 30.1, invoking elisp-completion-at-point on untrusted Emacs Lisp can trigger unsafe Lisp macro expansion, enabling arbitrary code execution. This also occurs if on-the-fly diagnosis causes byte compilation of untrusted code. Root cause: unsafe macro expansion...

Emacs -- Shell injection vulnerability

Problem Description: An Emacs user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable...

CVE-2024-53052 io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: fix missing NOWAIT check for ODIRECT start write When iouring starts a write, it'll call kiocbstartwrite to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze...

kernel: dmaengine: idxd: Ensure safe user copy of completion record

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Ensure safe user copy of completion record If CONFIGHARDENEDUSERCOPY is enabled, copying completion record from event log cache to user triggers a kernel bug. 1987.159822 usercopy: Kernel memory exposure attempt...

SUSE CVE-2024-50236

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Fix memory leak in management tx In the current logic, memory is allocated for storing the MSDU context during management packet TX but this memory is not being freed during management TX completion. Similar leaks a...

nbd: fix race between timeout and normal completion

...

SUSE CVE-2024-50183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

DEBIAN-CVE-2024-50183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

CVE-2024-50183 scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

CVE-2024-50183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

SUSE CVE-2024-50147

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGEPAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGEPAGES. In addition,...

Subverting LLM Coders

Really interesting research: "An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection": Abstract : Large Language Models LLMs have transformed code completion tasks, providing context-based suggestions to boost...

kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers

A use-after-free was found in drivers/gpu/drm/i915/gt/intelggttfencing.c in the Linux kernel. This issue can be caused by a race among revocation of fence registers on one side and sequential execution of signal callbacks invoked on completion of a request that was using them on the other,...

CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

SUSE CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

DEBIAN-CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

DEBIAN-CVE-2022-48985

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi workdone After calling napicompletedone, the NAPIFSTATESCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq-workdone. If the other thread for...

UBUNTU-CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...