
720 matches found

Positive Technologies
added 2023/11/07 12:0 a.m. · 7 views

PT-2025-26002 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue has been identified in the Linux kernel, specifically in the cifs (Common Internet File System) component. The issue occurs when the deferred close work is canceled,...

8.2 CVSS · 7.3 AI score · 0.16642 EPSS
Exploits 21 · References 841
RedHat Linux
added 2023/05/16 8:56 a.m. · 1 views

kernel: drm/fb-helper: Fix out-of-bounds access

In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access. Clip memory range to screen-buffer size to avoid out-of-bounds access in fbdev deferred I/O's damage handling. Fbdev's deferred I/O can only track pages. From the range of pages, the damage...

7.1 CVSS · 6.4 AI score · 0.00178 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 1 views

kernel: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction. Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfac...

5.5 CVSS · 6.3 AI score · 0.00187 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 6 views

kernel: drm/fb-helper: Fix out-of-bounds access

In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access. Clip memory range to screen-buffer size to avoid out-of-bounds access in fbdev deferred I/O's damage handling. Fbdev's deferred I/O can only track pages. From the range of pages, the damage...

7.1 CVSS · 6.4 AI score · 0.00178 EPSS
Exploits 0 · References 5
Code423n4
added 2023/05/08 12:0 a.m. · 7 views

Reappearance of M-02 in SafEth.unstake()

Reappearance of M-02 in SafEth.unstake. Description: The changes in SafEth.unstake have introduced a new issue parallel to the one present in SfrxEth.withdraw which was reported in M-02: sFrxEth may revert on redeeming non-zero amount, i.e. SafEth.unstake may revert as a consequence of a valid call ...

6.7 AI score
Exploits 0
OSSF Malicious Packages
added 2023/04/28 4:8 a.m. · 3 views

Malicious code in @hyperion-util/deferred-value (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ee6f14ca7114d9a5fd5096b74a8d6efa41d9df7e63dfcbfa2778ba8ba7d5dc64 The OpenSSF Package Analysis project identified '@hyperion-util/deferred-value' @ 77.77.79 npm as malicious. It is considered malicious because:...

6.9 AI score
Exploits 0
OSV
added 2023/04/28 4:8 a.m. · 8 views

MAL-2023-2 Malicious code in @hyperion-util/deferred-value (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ee6f14ca7114d9a5fd5096b74a8d6efa41d9df7e63dfcbfa2778ba8ba7d5dc64 The OpenSSF Package Analysis project identified '@hyperion-util/deferred-value' @ 77.77.79 npm as malicious. It is considered malicious because:...

7.1 AI score
Exploits 0
IBM Security Bulletins
added 2023/04/13 2:14 a.m. · 42 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - January 2023 CPU plus deferred CVE-2022-21426

Summary: WebSphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...

5.3 CVSS · 6.9 AI score · 0.03028 EPSS
Exploits 0 · Affected Software 1
SUSE CVE
added 2023/02/15 6:13 a.m. · 4 views

SUSE CVE-2007-0452

smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop...

6.8 CVSS · 6.7 AI score · 0.0459 EPSS
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 5:41 a.m. · 4 views

SUSE CVE-2013-1432

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors...

7.4 CVSS · 6.8 AI score · 0.00583 EPSS
Exploits 0 · References 8
SUSE CVE
added 2023/02/15 5:7 a.m. · 4 views

SUSE CVE-2016-1710

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

8.8 CVSS · 8.8 AI score · 0.01325 EPSS
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 5:1 a.m. · 2 views

SUSE CVE-2016-5147

Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."...

6.1 CVSS · 8.1 AI score · 0.01134 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 5:1 a.m. · 3 views

SUSE CVE-2016-5205

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

6.1 CVSS · 8.5 AI score · 0.00994 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 3:57 a.m. · 2 views

SUSE CVE-2020-15077

OpenVPN Access Server 2.8.7 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

5.3 CVSS · 6.1 AI score · 0.01215 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:57 a.m. · 1 views

SUSE CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

5.3 CVSS · 8.3 AI score · 0.05107 EPSS
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 3:35 a.m. · 2 views

SUSE CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

7.4 CVSS · 6.8 AI score · 0.03519 EPSS
Exploits 0 · References 9
OSV
added 2022/09/17 1:14 a.m. · 11 views

GSD-2022-1006292 ALSA: timer: Use deferred fasync helper

ALSA: timer: Use deferred fasync helper. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.326 by commit...

7.3 AI score
Exploits 0
OSV
added 2022/09/17 12:41 a.m. · 11 views

GSD-2022-1005948 ALSA: timer: Use deferred fasync helper

ALSA: timer: Use deferred fasync helper. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.211 by commit...

7.3 AI score
Exploits 0
OSV
added 2022/09/17 12:4 a.m. · 13 views

GSD-2022-1005531 cifs: Fix memory leak on the deferred close

cifs: Fix memory leak on the deferred close. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...

7.2 AI score
Exploits 0
OSV
added 2022/09/16 11:59 p.m. · 11 views

GSD-2022-1005468 ALSA: timer: Use deferred fasync helper

ALSA: timer: Use deferred fasync helper. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...

7.3 AI score
Exploits 0