CVE-2024-38667

CVE-2024-38667 affects the Linux kernel on RISC‑V: secondary idle threads can have their top‑of‑stack overlap with pt_regs, risking corruption of pt_regs and potentially saving/restoring a non‑existent V context. The issue mirrors a fix for the primary hart and was not propagated to secondary har...

CVE-2024-38667 riscv: prevent pt_regs corruption for secondary idle threads

In the Linux kernel, the following vulnerability has been resolved: riscv: prevent ptregs corruption for secondary idle threads Top of the kernel thread stack should be reserved for ptregs. However this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with...

SUSE CVE-2024-31076

In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQDMOVEPCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the next...

DEBIAN-CVE-2024-31076

In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQDMOVEPCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the next...

SUSE CVE-2023-52831

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARNON when rebuilding the...

SUSE CVE-2021-47553

In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringupcpu To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the...

Oracle Linux 8 : kernel (ELSA-2024-3138)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3138 advisory. - x86/sev: Harden VC instruction emulation somewhat Vitaly Kuznetsov RHEL-30040 CVE-2024-25743 CVE-2024-25742 - mm/sparsemem: fix race in accessing...

CVE-2021-47553

In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringupcpu To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the...

SUSE CVE-2023-52860

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhpstateremoveinstancenocalls for hisihns3pmu uninit process When tearing down a 'hisihns3' PMU, we mistakenly run the CPU hotplug callbacks after the device has been unregistered, leading to fireworks...

kernel security, bug fix, and enhancement update

4.18.0-553.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x...

CVE-2023-52860

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhpstateremoveinstancenocalls for hisihns3pmu uninit process When tearing down a 'hisihns3' PMU, we mistakenly run the CPU hotplug callbacks after the device has been unregistered, leading to fireworks...

DEBIAN-CVE-2023-52831

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARNON when rebuilding the...

UBUNTU-CVE-2023-52860

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhpstateremoveinstancenocalls for hisihns3pmu uninit process When tearing down a 'hisihns3' PMU, we mistakenly run the CPU hotplug callbacks after the device has been unregistered, leading to fireworks...

UBUNTU-CVE-2023-52831

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARNON when rebuilding the...

CVE-2023-52831

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARNON when rebuilding the...

CVE-2023-52860

CVE-2023-52860 relates to the Linux kernel; the root issue occurs in the perf driver when tearing down a hisi_hns3 PMU, where CPU hotplug callbacks could run after the PMU is unregistered, leading to a NULL pointer dereference. The fix uses cpuhp_state_remove_instance_nocalls() instead of cpuhp_s...

CVE-2023-52860 drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhpstateremoveinstancenocalls for hisihns3pmu uninit process When tearing down a 'hisihns3' PMU, we mistakenly run the CPU hotplug callbacks after the device has been unregistered, leading to fireworks...

CVE-2023-52831 cpu/hotplug: Don't offline the last non-isolated CPU

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARNON when rebuilding the...

CVE-2023-52831 cpu/hotplug: Don't offline the last non-isolated CPU

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARNON when rebuilding the...

SUSE CVE-2024-35801

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfdstate in sync with MSRIA32XFD Commit 672365477ae8 "x86/fpu: Update XFD state where required" and commit 8bf26758ca96 "x86/fpu: Add XFD state to fpstate" introduced a per CPU variable xfdstate to keep the MSRIA32X...