322 matches found

CVE
added 2024/02/26 2:39 p.m. · 1107 views

CVE-2024-26606

CVE-2024-26606 affects the Linux kernel binder subsystem. In (e)poll mode, a binder thread that issues a BINDER_WRITE_READ without a read buffer may later rely on epoll_wait to process responses, but if the epoll/wakeup signaling is not triggered for the thread’s own enqueued work, the thread can...

5.5 CVSS · 6.4 AI score · 0.00242 EPSS
Exploits: 0 · References: 11 · Affected Software: 1

OSV
added 2024/02/26 2:39 p.m. · 4 views

CVE-2024-26606 binder: signal epoll threads of self-work

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work. In epoll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer...

5.5 CVSS · 6.1 AI score · 0.00242 EPSS
Exploits: 0 · References: 14

CNNVD
added 2024/02/26 12:0 a.m. · 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that an epoll thread waiting indefinitely can lead to a denial of service...

5.5 CVSS · 6.9 AI score · 0.00242 EPSS
Exploits: 0 · References: 10

ATTACKERKB
added 2024/01/12 4:15 a.m. · 4 views

CVE-2022-48620

uev aka libuev before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number...

9.8 CVSS · 6.1 AI score · 0.0133 EPSS
Exploits: 0 · References: 10

OSV
added 2024/01/12 4:15 a.m. · 1 views

DEBIAN-CVE-2022-48620

uev aka libuev before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number...

9.8 CVSS · 8.9 AI score · 0.0133 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/01/12 12:0 a.m. · 3 views

CVE-2022-48620

uev aka libuev before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number...

9.8 AI score · 0.0133 EPSS
Exploits: 0 · References: 6

CNNVD
added 2024/01/12 12:0 a.m. · 2 views

libuev Security Vulnerabilities

libuev is a lightweight event loop library for the Linux epoll family of APIs by the individual developer Joachim Wiberg. A security vulnerability exists in libuev versions prior to 2.4.1, which stems from the presence of a buffer overflow vulnerability...

9.8 CVSS · 7 AI score · 0.0133 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/01/12 12:0 a.m. · 2 views

PT-2024-11762

Name of the Vulnerable Software and Affected Versions: uev aka libuev versions prior to 2.4.1 Description: The issue is related to a buffer overflow in the epoll_wait function when maxevents is a large number. Recommendations: For versions prior to 2.4.1, update to version 2.4.1 or later to resolve...

9.8 CVSS · 7.5 AI score · 0.0133 EPSS
Exploits: 0 · References: 24

ATTACKERKB
added 2023/12/31 12:15 a.m. · 0 views

CVE-2023-52266

ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this...

7.5 CVSS · 5.8 AI score · 0.0074 EPSS
Exploits: 1 · References: 3

CNNVD
added 2023/12/31 12:0 a.m. · 1 views

ehttp Security Vulnerabilities

ehttp is a library by the Chinese developer hongliuliao. A security vulnerability exists in versions prior to ehttp 1.0.6, which stems from a use-after-free in the read_func function in epoll_socket.cpp, resulting in memory corruption...

7.5 CVSS · 6.8 AI score · 0.0074 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/12/30 12:0 a.m. · 1 views

PT-2023-31949 · Ehttp · Ehttp

Name of the Vulnerable Software and Affected Versions: ehttp version 1.0.6 before 17405b9 Description: The issue is related to a use-after-free in the epoll_socket.cpp read_func. An attacker can trigger this by making many connections over a short time. Recommendations: For ehttp version 1.0.6...

7.5 CVSS · 7.1 AI score · 0.0074 EPSS
Exploits: 1 · References: 11

OSV
added 2023/10/28 11:6 a.m. · 2 views

OESA-2023-1773 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

7.5 CVSS · 6.5 AI score · 0.00689 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/10/18 12:0 a.m. · 2 views

Eclipse Mosquitto Security Vulnerability

Eclipse Mosquitto is a suite of open source message broker software from the Eclipse Foundation. A security vulnerability exists in Eclipse Mosquitto 2.0.5 and earlier versions, which arises because establishing a connection to the mosquitto server without sending data will result in the additio...

7.5 CVSS · 6.7 AI score · 0.00689 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2023/09/07 12:0 a.m. · 30 views

Oracle Linux 5 : ELSA-2012-1061-1: / kernel (ELSA-2012-1061-1)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-1061-1 advisory. - The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows...

5.9 AI score · 0.0102 EPSS
Exploits: 3 · References: 2

OpenVAS
added 2023/03/08 12:0 a.m. · 24 views

Debian: Security Advisory (DLA-310-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 6.9 AI score · 0.06267 EPSS
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 6:18 a.m. · 1 views

SUSE CVE-2005-0736

Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events...

2.1 CVSS · 6.8 AI score · 0.02088 EPSS
Exploits: 2 · References: 3

SUSE CVE
added 2023/02/15 6:7 a.m. · 3 views

SUSE CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as...

2.1 CVSS · 6.5 AI score · 0.00707 EPSS
Exploits: 6 · References: 4

SUSE CVE
added 2023/02/15 5:54 a.m. · 2 views

SUSE CVE-2011-1083

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls...

4.9 CVSS · 6 AI score · 0.00795 EPSS
Exploits: 1 · References: 9

SUSE CVE
added 2023/02/15 5:54 a.m. · 3 views

SUSE CVE-2011-1082

fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application tha...

4.9 CVSS · 6.2 AI score · 0.00778 EPSS
Exploits: 2 · References: 8

SUSE CVE
added 2023/02/15 5:45 a.m. · 3 views

SUSE CVE-2012-3375

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a...

4.9 CVSS · 6.1 AI score · 0.0102 EPSS
Exploits: 2 · References: 7