Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) kernel: TCP-spoofed ghost ACKs and leak initial sequence number...
ALSA-2024:4211 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) kernel: TCP-spoofed ghost ACKs and leak initial sequence number...
DEBIAN-CVE-2024-38663
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat instance by...
SUSE CVE-2022-48715
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe Running tests with a debug kernel shows that bnx2fc_recv_frame() is modifying the percpu lport stats counters in a non-mpsafe way. Just boot a debug kernel and run the bnx2fc driver with the...
DEBIAN-CVE-2022-48715
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe Running tests with a debug kernel shows that bnx2fc_recv_frame() is modifying the percpu lport stats counters in a non-mpsafe way. Just boot a debug kernel and run the bnx2fc driver with the...
DEBIAN-CVE-2024-38569
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd [1], but the driver does not check whether the array index is out of bounds when writing...
SUSE CVE-2021-4218
A flaw was found in the Linux kernel's implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL...
SUSE CVE-2024-36030
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvu_npc_freemem() Clang static checker (scan-build) warning: drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2 Attempt to free released memory. npc_mcam_rsrcs_deinit() has released...
CVE-2024-36030 octeontx2-af: fix the double free in rvu_npc_freemem()
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvu_npc_freemem() Clang static checker (scan-build) warning: drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2 Attempt to free released memory. npc_mcam_rsrcs_deinit() has released...
CVE-2023-52879
In the Linux kernel, the following vulnerability has been resolved: tracing: Have trace_event_file have ref counters The following can crash the kernel: cd /sys/kernel/tracing echo 'p:sched schedule' kprobe_events exec 5events/kprobes/sched/enable kprobe_events exec 5&- The above commands: 1. Change...
CVE-2023-52879 tracing: Have trace_event_file have ref counters
In the Linux kernel, the following vulnerability has been resolved: tracing: Have trace_event_file have ref counters The following can crash the kernel: cd /sys/kernel/tracing echo 'p:sched schedule' kprobe_events exec 5events/kprobes/sched/enable kprobe_events exec 5&- The above commands: 1. Change...
CVE-2023-52879
CVE-2023-52879 describes a Linux kernel vulnerability in tracing, specifically adding ref counters to trace_event_file to prevent use-after-free when a kprobe event is deleted while its tracefs file is still open. The issue can cause a kernel NULL pointer dereference and crash (local privilege no...
CVE-2023-52839 drivers: perf: Do not broadcast to other cpus when starting a counter
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: 444.364395...
SUSE CVE-2024-27012
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore refcounters to the original state. Currently, it uses the set->ops->walk() to iterate over these set elements. The...
CVE-2024-3481
The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting counters via CSRF attacks...
CVE-2024-3481 Counter Box < 1.2.4 - Counter Deletion via CSRF
The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting counters via CSRF attacks...
PT-2024-26206 · WordPress · Counter Box
Name of the Vulnerable Software and Affected Versions: The Counter Box WordPress plugin versions prior to 1.2.4 Description: The issue is related to the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting counte...
SUSE CVE-2022-48643
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() syzbot is reporting underflow of nft_counters_enabled counter at nf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter: nf_tables: do not leave chain sta...