17 matches found
RHCOS 4 : OpenShift Container Platform 4.5.20 packages and golang (RHSA-2020:5119)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5119 advisory. - golang: data race in certain net/http servers including ReverseProxy can lead to DoS CVE-2020-15586 - golang: ReadUvarint and...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2020-942:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-942:01 advisory. golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash CVE-2020-14040 golang: data race in certain net/ht...
EUVD-2024-51796
Malicious code in bioql PyPI...
CVE-2022-49443
In the Linux kernel, the following vulnerability has been resolved: list: fix a data-race around ep->rdllist ep_poll() first calls ep_events_available() with no lock held and checks if ep->rdllist is empty by list_empty_careful(), which reads rdllist->prev. Thus all accesses to it need some protection to avoid...
CVE-2024-38596
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on...
CVE-2024-38596
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on...
CVE-2024-36938
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue write to...
CVE-2024-27019 netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in __nft_obj_type_get(). Therefore, there is...
CVE-2024-26904
A data race vulnerability in the btrfs_use_block_rsv() function in the Linux kernel's btrfs filesystem code has been resolved. This issue led to inconsistent block reserve management, potentially causing data corruption or other filesystem errors. Mitigation Mitigation for this issue is either not...
CVE-2024-26861
In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE() annotations to mark the data rac...
CVE-2024-26905
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
GSD-2022-1007502 tcp: annotate data-race around tcp_md5sig_pool_populated
tcp: annotate data-race around tcp_md5sig_pool_populated This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.262 by commit...
GSD-2022-1005972 igb: Add lock to avoid data race
igb: Add lock to avoid data race This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.211 by commit 55197ba6d64d48f1948e6e1f52482e0e3e38e1bf, it...
PT-2022-33239 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.8 Description: The issue is related to an annotated data-race around challenge timestamp. It was introduced in version v3.8 and fixed in version v5.19.8. The actual impact and attack plausibility have not...
GSD-2022-1004397 raw: Fix a data-race around sysctl_raw_l3mdev_accept.
raw: Fix a data-race around sysctl_raw_l3mdev_accept. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.56 by commit...
HeaderMap::Drain API is unsound
Affected versions of this crate incorrectly used raw pointer, which introduced unsoundness in its public safe API. Failing to drop the Drain struct causes double-free, and it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation. The flaw was corrected ...
CVE-2017-1000380
CVE-2017-1000380 affects the Linux kernel ALSA sound timer driver. A race between read and ioctl on /dev/snd/timer can disclose uninitialized memory to local users. Affected: kernels prior to 4.11.5. Remediation: upgrade to Linux kernel 4.11.5 or later (upstream fix referenced by ChangeLog-4.11.5...