PT-2024-8701 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.19 Description: A critical issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName, where the manipulation of the argument devName leads to a stack-based buffer overflow. This can be...

SUSE-SU-2024:2843-1 Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed use-after-free bug caused by scosocktimeout bsc1225013. - CVE-2024-35950: drm/client: Fully protect modes with dev-modeconfig.mutex bsc1225310. -...

kernel: bonding: stop the device in bond_setup_by_slave()

In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bondsetupbyslave Commit 9eed321cde22 "net: lapbether: only support ethernet devices" has been able to keep syzbot away from net/lapb, until today. In the following splat 1, the issue is that a lapbethe...

CVE-2024-42248 tty: serial: ma35d1: Add a NULL check for of_node

In the Linux kernel, the following vulnerability has been resolved: tty: serial: ma35d1: Add a NULL check for ofnode The pdev-dev.ofnode can be NULL if the "serial" node is absent. Add a NULL check to return an error in such cases...

Linux DRM drm_file_update_pid() Race Condition / Use-After-Free Exploit

Linux DRM has drmfileupdatepid call to getpid too late, which creates a race condition that can lead to use-after-free issue of a struct pid. Linux: DRM: refcount incremented too late in drmfileupdatepid I am sending this to security@ and to the drm-misc maintainers - based on...

json-c: Buffer Overflow

Background json-c is a JSON implementation in C. Description Please review the CVE identifier referenced below for details. Impact A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit. Workaround There is no known workaround at this tim...

SUSE SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP2) (SUSE-SU-2024:2760-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2760-1 advisory. This update for the Linux Kernel 5.3.18-15020024172 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed...

SUSE-SU-2024:2793-1 Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059138 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed use-after-free bug caused by scosocktimeout bsc1225013. - CVE-2024-35950: drm/client: Fully protect modes with dev-modeconfig.mutex bsc1225310...

(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag within a devcontainer...

SUSE SLES15 Security Update : kernel (Live Patch 44 for SLE 15 SP2) (SUSE-SU-2024:2734-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2734-1 advisory. This update for the Linux Kernel 5.14.21-1505001311 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed...

SUSE SLES15 Security Update : kernel RT (Live Patch 7 for SLE 15 SP5) (SUSE-SU-2024:2724-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2724-1 advisory. This update for the Linux Kernel 5.14.21-1505001324 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed...

SUSE-SU-2024:2760-1 Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024172 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed use-after-free bug caused by scosocktimeout bsc1225013. - CVE-2024-35950: drm/client: Fully protect modes with dev-modeconfig.mutex bsc1225310...

SUSE-SU-2024:2750-1 Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001318 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed use-after-free bug caused by scosocktimeout bsc1225013. - CVE-2024-35950: drm/client: Fully protect modes with dev-modeconfig.mutex bsc1225310...

AZL-49546 CVE-2024-3056 affecting package podman 4.1.1-26

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...

AZL-49596 CVE-2024-3056 affecting package podman for versions less than 5.6.1-2

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...

AZL-54111 CVE-2024-42134 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if isavq is NULL bug In the virtiopcicommon.c function vpdelvqs, vpdev-isavq is involved to determine whether it is admin virtqueue, but this function vpdev-isavq may be empty. For installations, virtiopcilegacy...

AZL-47109 CVE-2024-42071 affecting package kernel for versions less than 5.15.162.2-1

In the Linux kernel, the following vulnerability has been resolved: ionic: use devconsumeskbany outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napiconsumeskb, specifically we need to call it with budget==0 to signal to it that we're not in a safe...

UBUNTU-CVE-2024-41084

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup cxldpatoregion looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it...

CVE-2024-42063 bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

DEBIAN-CVE-2024-41063

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: cancel all works upon hciunregisterdev syzbot is reporting that calling hcireleasedev from hcierrorreset due to hcidevput from hcierrorreset can cause deadlock at destroyworkqueue, for hcierrorreset is called...