UBUNTU-CVE-2024-50027

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object pointed to by tz-tzp may still be accessed after being freed in thermalzonedeviceunregister, so move the freeing of it to the point after the removal completion...

CVE-2024-50030

CVE-2024-50030 refers to a Linux kernel vulnerability in drm/xe/ct where a use-after-free (UAF) could occur due to fence/timeout interactions. The fix serializes with the completion side by grabbing ct->lock after the wait to ensure correct ordering of dependent loads/stores and to prevent UAF...

CVE-2024-50030 drm/xe/ct: prevent UAF in send_recv()

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

CVE-2024-49993

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-47726

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

SUSE CVE-2024-47726

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

SUSE CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbdrequeuecmd, normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVE-2024-47726

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

AZL-51257 CVE-2024-47726 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

AZL-51132 CVE-2024-47726 affecting package kernel for versions less than 5.15.179.1-1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

UBUNTU-CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbdrequeuecmd, normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVE-2024-47729 drm/xe: Use reserved copy engine for user binds on faulting devices

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by using reserved copy engine for user binds o...

CVE-2024-47726 f2fs: fix to wait dio completion

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

CVE-2024-47726 f2fs: fix to wait dio completion

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

CVE-2024-47726

CVE-2024-47726 relates to the Linux kernel F2FS: a fix ensures all in-flight direct I/O (DIO) writes complete before removing blocks. The root cause was a race where a DIO could overwrite data in a block that would be reused by another inode if block removal occurred too early. Affected component...

CVE-2024-47726 f2fs: fix to wait dio completion

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

CVE-2024-47726

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

kernel: net/mlx5: Add a timeout to acquire the command queue semaphore

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

CVE-2024-46760

...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42287)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42287 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early...