Alibaba Cloud Linux 3 : 0185: device-mapper-multipath (ALINUX3-SA-2022:0185)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0185 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-3787: RESERVED This candidate has been...

Alibaba Cloud Linux 3 : 0066: device-mapper-multipath (ALINUX3-SA-2023:0066)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0066 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41973: multipath-tools 0.7.7 through 0.9.x...

kernel: dm array: fix releasing a faulty array block twice in dm_array_cursor_end

In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dmarraycursorend When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller ...

device-mapper-multipath bug fix and enhancement update

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

SUSE CVE-2022-49771

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the "dmtargetiteratelistversiongetneeded, &needed" call and then will fill the space using the...

Rollbaccine : Herd Immunity against Storage Rollback Attacks in TEEs [Technical Report]

Today, users can "lift-and-shift" unmodified applications into modern, VM-based Trusted Execution Environments TEEs in order to gain hardware-based security guarantees. However, TEEs do not protect applications against disk rollback attacks, where persistent storage can be reverted to an earlier...

dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature

...

DEBIAN-CVE-2023-53044

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate allocpercpu failure Check allocprecpu's return value and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does. Otherwise, a NULL pointer dereference will occu...

DEBIAN-CVE-2022-49771

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the "dmtargetiteratelistversiongetneeded, &needed" call and then will fill the space using the...

UBUNTU-CVE-2022-49771

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the "dmtargetiteratelistversiongetneeded, &needed" call and then will fill the space using the...

Vulnerability of the __dm_internal_suspend() function in the drivers/md/dm.c module – The driver for supporting multiple devices (RAID and LVM) in the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerability of the dminternalsuspend function in the drivers/md/dm.c module – The driver for supporting multiple devices RAID and LVM in the Linux kernel is vulnerable due to improper control of resource identifiers “resource injection”. Exploiting this vulnerability allows an attacker to...

PT-2025-27726

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the device-mapper dm and its handling of zoned devices with zone write plugs. The issue arises when the dm revalidate...

CLSA-2025-1742472545 kernel: Fix of 9 CVEs

USB: serial: ioedgeport: fix use after free in debug printk CVE-2024-50267 - HID: core: zero-initialize the report buffer CVE-2024-50302 - dm cache: fix potential out-of-bounds access on the first resume CVE-2024-50278 - dm cache: fix out-of-bounds access to the dirty bitset when resizing...

device-mapper-multipath bug fix and enhancement update

An update is available for device-mapper-multipath. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

Linux Distros Unpatched Vulnerability : CVE-2024-57929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm array: fix releasing a faulty array block twice in dmarraycursorend When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block...

Linux Distros Unpatched Vulnerability : CVE-2021-47498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come fro...

SUSE CVE-2022-49270

In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dmcleanupzoneddev dmcleanupzoneddev uses queue, so it must be called before blkcleanupdisk starts its killing: blkcleanupdisk-blkcleanupqueue-kobjectput-blkreleasequeue-...

SUSE CVE-2022-49674

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is defined by the number of raid metadata and ima...

DEBIAN-CVE-2022-49710

In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITSPERLONG The code in dm-log rounds up bitsetsize to 32 bits. It then uses findnextzerobitle on the allocated region. findnextzerobitle accesses the bitmap using unsigned long...

DEBIAN-CVE-2022-49270

In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dmcleanupzoneddev dmcleanupzoneddev uses queue, so it must be called before blkcleanupdisk starts its killing: blkcleanupdisk-blkcleanupqueue-kobjectput-blkreleasequeue-...