251 matches found
CVE-2022-49838 sctp: clear out_curr if all frag chunks of current msg are pruned
In the Linux kernel, the following vulnerability has been resolved: sctp: clear out_curr if all frag chunks of current msg are pruned. A crash was reported by Zhen Chen: list_del corruption, ffffa035ddf01c18->next is NULL WARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x59/0xe0...
PT-2025-18475
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the wifi mac80211 component, where the skb control block key could be removed before the ieee80211 tx...
PT-2025-20352
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential use-after-free (UAF) issue in the hfsc_dequeue function has been resolved. The fix aims to safeguard this function, similar to a previous patch. However, a reliable reproducer...
PT-2025-27895
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.65 Description: A vulnerability in the Linux kernel has been resolved, related to the thunderbolt module. The issue occurs when the tb_cfg_request_dequeue function is called twice for the same request,...
CVE-2024-11041
A flaw was found in the vLLM MessageQueue. This vulnerability allows remote code execution via the MessageQueue.dequeue function, which improperly uses pickle.loads to parse received sockets, enabling an attacker to execute arbitrary code by sending a malicious payload. Mitigation Mitigation for...
CVE-2024-11041
vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...
CVE-2024-11041
vllm-project vLLM version 0.6.2 contains a vulnerability in MessageQueue.dequeue() where pickle.loads is used to parse received sockets, enabling remote code execution if a malicious payload is sent to the MessageQueue. Multiple sources (CVE-2024-11041 entries across OSV, RH Red Hat, GHSA, CHAING...
SUSE CVE-2024-49573
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXT_BUDDY. Adam reports that enabling NEXT_BUDDY insta triggers a WARN in pick_next_entity(). Moving clear_buddies() up before the delayed dequeue bits ensures no ->next buddy becomes delayed. Further ensure no new ->next...
DEBIAN-CVE-2024-49573
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXT_BUDDY. Adam reports that enabling NEXT_BUDDY insta triggers a WARN in pick_next_entity(). Moving clear_buddies() up before the delayed dequeue bits ensures no ->next buddy becomes delayed. Further ensure no new ->next...
UBUNTU-CVE-2024-49573
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXT_BUDDY. Adam reports that enabling NEXT_BUDDY insta triggers a WARN in pick_next_entity(). Moving clear_buddies() up before the delayed dequeue bits ensures no ->next buddy becomes delayed. Further ensure no new ->next...
CVE-2024-49573 sched/fair: Fix NEXT_BUDDY
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXT_BUDDY. Adam reports that enabling NEXT_BUDDY insta triggers a WARN in pick_next_entity(). Moving clear_buddies() up before the delayed dequeue bits ensures no ->next buddy becomes delayed. Further ensure no new ->next...
CVE-2024-49573
CVE-2024-49573 affects the Linux kernel sched/fair NEXT_BUDDY logic. Enabling NEXT_BUDDY could trigger a WARN in pick_next_entity(); fix moves clear_buddies() earlier and ensures no new ->next buddy starts as delayed. Upstream/stable kernel patches implement this remediation (see referenced ke...
PT-2025-33708
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's net/sched subsystem related to the handling of netem (network emulator) queuing disciplines (qdiscs). The duplication prevention logic within netem...
PT-2025-36272
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's networking scheduler related to backlog accounting within the qdisc_dequeue_internal function. This issue affects the hhf, fq, fq_codel, and fq_pie...
SUSE CVE-2024-53207
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks. This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G ...
CVE-2024-53207 Bluetooth: MGMT: Fix possible deadlocks
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks. This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G ...
OESA-2024-2537 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issu...
PT-2024-10585 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to an incorrect bounds check in the dequeueAccessUnitMPEG4Video function of ESQueue.cpp, which can lead to an infinite loop and...
CVE-2024-50100 USB: gadget: dummy-hcd: Fix "task hung" problem
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out that the problems ar...
DEBIAN-CVE-2024-49926
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb(). For kernels built with CONFIG_FORCE_NR_CPUS=y, the nr_cpu_ids is defined as NR_CPUS instead of the number of possible cpus, this will cause the following syst...