CVE-2024-50191 ext4: don't set SB_RDONLY after filesystem errors

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SBRDONLY after filesystem errors When the filesystem is mounted with errors=remount-ro, we were setting SBRDONLY flag to stop all filesystem modifications. We knew this misses proper locking sb-sumount and does no...

CVE-2024-50189 HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Switch to device-managed dmamalloccoherent Using the device-managed version allows to simplify clean-up in probe error path. Additionally, this device-managed ensures proper cleanup, which helps to resolve memory...

CVE-2024-50189 HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Switch to device-managed dmamalloccoherent Using the device-managed version allows to simplify clean-up in probe error path. Additionally, this device-managed ensures proper cleanup, which helps to resolve memory...

CVE-2024-50189 HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Switch to device-managed dmamalloccoherent Using the device-managed version allows to simplify clean-up in probe error path. Additionally, this device-managed ensures proper cleanup, which helps to resolve memory...

CVE-2024-50189

CVE-2024-50189 is described in the initial document as a Linux kernel issue: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent(), enabling simpler cleanup in probe() error paths and purportedly improving cleanup to mitigate memory errors, page faults, btrfs issues, and disk corruption. T...

The vulnerability of the irqchip component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the irqchip component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

ROS-20241108-01

A vulnerability in the mac80211 component of the Linux operating system kernel is related to information disclosure in the function stainfofree in net/mac80211/stainfo.c. Exploitation of the vulnerability could allow an attacker to gain access to confidential information A vulnerability in the As...

The vulnerability of the dpaa2-eth component in the Linux operating system’s kernel allows attackers to increase their privileges within the system.

The vulnerability of the dpaa2-eth component in the Linux operating system’s kernel is related to errors that occur after the dpaa2ethremove function is called. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

The vulnerability of the Oracle Database RDBMS Security component of the Oracle Database Server system allows a perpetrator to gain full control over the system.

The vulnerability of the Oracle Database RDBMS Security component of the Oracle Database Server lies in errors during privilege management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full control over the system using the Oracle Net protocol...

The vulnerability of the Linux operating system’s crypto kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s crypto kernel component is related to memory boundary errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the mlx5e component in the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the mlx5e component in the Linux operating system is related to memory boundary errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the SCSI component in the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the SCSI component in the Linux operating system is related to memory boundary errors in the scsimodesense function. Exploiting this vulnerability allows an attacker to execute arbitrary code...

The vulnerability of the Intel Raid Web Console web console, related to pointer swapping errors, allows a hacker to trigger a service failure.

The vulnerability of the Intel Raid Web Console web console is related to pointer aliasing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the rtas component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the rtas component in the Linux operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the vfio component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the vfio component in the Linux operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

AZL-53376 CVE-2024-50147 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGEPAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGEPAGES. In addition,...

SUSE CVE-2024-51744

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

MAL-2024-10503 Malicious code in eth-errors (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ea1a7c96683b60d54de7b649e94461921dec57d5df019d8764439db87971ab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in eth-errors (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ea1a7c96683b60d54de7b649e94461921dec57d5df019d8764439db87971ab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

The vulnerability of the Checkmk Exchange plugin for MikroTik routers allows a hacker to execute a spoofing attack.

The vulnerability of the Checkmk Exchange plugin for MikroTik routers is related to errors in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a spoofing attack remotely...