4718 matches found
GO-2022-0390 Moby (Docker Engine) started with non-empty inheritable Linux process capabilities in github.com/docker/docker
Moby Docker Engine started with non-empty inheritable Linux process capabilities in github.com/docker/docker...
PT-2024-33744
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null pointer issue in the Linux kernel has been resolved by adding a list empty check. This check is intended to prevent null pointer issues in certain corner cases, specifically whe...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to properly check if the root directory block is empty...
net: dsa: mv88e6xxx: Correct check for empty list
...
kernel: net: netlink: af_netlink: Prevent empty skb by adding a check on len.
In the Linux kernel, the following vulnerability has been resolved: net: netlink: afnetlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netemenqueue function which is caused when skb-len=0 and skb-datalen=0 in...
kernel: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUGON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUGON, a...
kernel: crash due to a missing check for leb_size
A flaw was found in the Linux kernel. The createemptylvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB size is smaller than a single volume table record. This issue can result in a denial of service...
kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...
SUSE CVE-2024-42236
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usbstringcopy Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form if str0 - 1 == '\n' followed...
SUSE CVE-2024-42224
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 "net: dsa: mv88e6xxx: Support multiple MDIO busses" mv88e6xxxdefaultmdiobus has checked that the return value of listfirstentry is non-NULL. This appears...
USN-6937-1 openssl vulnerabilities
It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when certain non-default TLS server configurations were in use. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. CVE-2024-2511 It was discovered that OpenSSL...
AZL-47379 CVE-2024-42224 affecting package kernel for versions less than 6.6.43.1-7
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 "net: dsa: mv88e6xxx: Support multiple MDIO busses" mv88e6xxxdefaultmdiobus has checked that the return value of listfirstentry is non-NULL. This appears...
AZL-47337 CVE-2024-42224 affecting package kernel for versions less than 5.15.163.1-1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 "net: dsa: mv88e6xxx: Support multiple MDIO busses" mv88e6xxxdefaultmdiobus has checked that the return value of listfirstentry is non-NULL. This appears...
DEBIAN-CVE-2024-42224
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 "net: dsa: mv88e6xxx: Support multiple MDIO busses" mv88e6xxxdefaultmdiobus has checked that the return value of listfirstentry is non-NULL. This appears...
UBUNTU-CVE-2024-42224
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 "net: dsa: mv88e6xxx: Support multiple MDIO busses" mv88e6xxxdefaultmdiobus has checked that the return value of listfirstentry is non-NULL. This appears...
CVE-2024-42224 net: dsa: mv88e6xxx: Correct check for empty list
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 "net: dsa: mv88e6xxx: Support multiple MDIO busses" mv88e6xxxdefaultmdiobus has checked that the return value of listfirstentry is non-NULL. This appears...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the net:dsa:mv88e6xxx module when checking for an empty list using listfirstentry, listfirstentryornull...
DEBIAN-CVE-2024-42088
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Add platform entry for ETDM1OUTBE dai link Commit e70b8dd26711 "ASoC: mediatek: mt8195: Remove afe-dai component and rework codec link" removed the codec entry for the ETDM1OUTBE dai link entirely instead ...
UBUNTU-CVE-2024-42088
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Add platform entry for ETDM1OUTBE dai link Commit e70b8dd26711 "ASoC: mediatek: mt8195: Remove afe-dai component and rework codec link" removed the codec entry for the ETDM1OUTBE dai link entirely instead ...
AZL-62696 CVE-2024-41067 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly BUG When running btrfs/060 with forced RST feature, it would crash the following ASSERT inside scrubreadendio: ASSERTsectornr nrsectors; Before that, we would have tree dump from...