kernel: octeontx2-af: race condition on interupts

A race condition vulnerability was found in the Linux kernel. When AF and PF interrupts are raised at the same time in the CPU, two cores serve same event, corrupting the data...

SUSE CVE-2024-40998

In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimitstate-lock access in ext4fillsuper In the following concurrency we will access the uninitialized rs-lock: ext4fillsuper ext4registersysfs // sysfs registered msgratelimitintervalms // Other...

UBUNTU-CVE-2024-40900

In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILESDEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemonthread1...

SUSE CVE-2023-52855

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In dwc2hcdurbenqueue, "urb-hcpriv = NULL" is executed without holding the lock "hsotg-lock". In dwc2hcdurbdequeue: spinlockirqsave&hsotg-lock, flags;...

SUSE CVE-2021-47292

In the Linux kernel, the following vulnerability has been resolved: iouring: fix memleak in ioinitwqoffload I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 size 96: comm "syz-executor.6", pid 4610, jiffies 4295140240 age 20.135s hex dump firs...

UBUNTU-CVE-2023-52855

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In dwc2hcdurbenqueue, "urb-hcpriv = NULL" is executed without holding the lock "hsotg-lock". In dwc2hcdurbdequeue: spinlockirqsave&hsotg-lock, flags;...

kernel: dm: fix a race condition in retrieve_deps

A use-after-free flaw was found in the Linux kernel's device-mapper multipath implementation. A race condition exists between retrievedeps and multipathmessage when devices are added or removed. The retrievedeps function walks the device list without holding a lock while multipathmessage can modi...

BIT-TOMCAT-2021-43980 Apache Tomcat: Information disclosure

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.18, 9.0.0 to 9.0.60 and 8.5.0 to 8.5.77 that could...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from the fact that although this code is executed while holding a waitlock, the reader can acquire a lock without holding a waitlock...

kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer

A vulnerability was found in the Linux kernel's mt76 wi-fi driver. A concurrency bug causes the mtxq TX queue to maintain a raw pointer to a wcid structure mtxq-wcid that might be freed by the time it is accessed. This issue can lead to a use-after-free scenario, leading to system instability,...

Important: tomcat9

Issue Overview: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5...

Important: tomcat8

Issue Overview: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5...

MGASA-2023-0138 Updated tomcat packages fix security vulnerability

Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...

SUSE CVE-2019-9003

In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmimsghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop...

SUSE CVE-2020-12769

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...

SUSE CVE-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2022:4009-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4009-1 advisory. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long...

kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources

A use-after-free vulnerability was found in drmleaseheld in drivers/gpu/drm/drmlease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service DoS or a kernel information leak...

Debian DSA-5265-1 : tomcat9 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5265 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the...

Debian dla-3160 : libtomcat9-embed-java - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3160 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3160-1 [email protected]...