11191 matches found
AZL-51509 CVE-2024-50040 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 "igb: Fix igb_down hung on surprise removal" changed igb_io_error_detected to ignore non-fatal pcie errors in order to avoid hung task that can happen when...
DEBIAN-CVE-2024-50040
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 "igb: Fix igb_down hung on surprise removal" changed igb_io_error_detected to ignore non-fatal pcie errors in order to avoid hung task that can happen when...
UBUNTU-CVE-2024-50040
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 "igb: Fix igb_down hung on surprise removal" changed igb_io_error_detected to ignore non-fatal pcie errors in order to avoid hung task that can happen when...
CVE-2024-50056
CVE-2024-50056 pertains to the Linux kernel USB gadget UVC driver. The description documents a fix for an ERR_PTR dereference in uvc_v4l2.c, specifically preventing potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format(). A related issue is also addressed i...
CVE-2024-50040 igb: Do not bring the device up after non-fatal error
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 "igb: Fix igb_down hung on surprise removal" changed igb_io_error_detected to ignore non-fatal pcie errors in order to avoid hung task that can happen when...
CVE-2024-50040
CVE-2024-50040 concerns the igb driver in the Linux kernel. The issue stemmed from igb_io_error_detected() treating transient non-fatal PCIe errors as non-fatal, which could lead igb_io_resume() to assume the device was still up and attempt a bring-up, causing a kernel panic during recovery from ...
CVE-2024-49986
In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register errors x86_android_tablet_remove frees the pdevs array, so it should not be used after calling x86_android_tablet_remove. When platform_device_register fails...
CVE-2024-49960
In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is ...
DEBIAN-CVE-2024-49931
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix array out-of-bound access in SoC stats Currently, the ath12k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process function access...
UBUNTU-CVE-2024-49878
In the Linux kernel, the following vulnerability has been resolved: resource: fix region_intersects vs add_memory_driver_managed On a system with CXL memory, the resource tree /proc/iomem related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff ...
UBUNTU-CVE-2024-50001
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under...
CVE-2024-49960 ext4: fix timer use-after-free on failed mount
In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is ...
CVE-2024-47689
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error syzbot reports a f2fs bug as below: ------------ cut here ------------ WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 CPU: ...
CVE-2024-47725
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the btrfs filesystem not properly handling errors during read ahead operations on relocation inodes during R...
The vulnerability of the Field Service Engineer Portal component of the Oracle Field Service management platform allows a malicious individual to access, modify, add, and delete data. This component is part of the Oracle E-Business Suite, which is used for automating business processes in enterprises.
The vulnerability of the Field Service Engineer Portal component of the Oracle Field Service management platform, part of the Oracle E-Business Suite, is related to authentication errors. Exploiting this vulnerability could allow an attacker to gain access to modify, add, and delete data using th...
A vulnerability in the firmware of Synology cameras such as BC500, TC500, and CC400W arises from access control errors, allowing attackers to execute arbitrary code.
The vulnerability in the firmware of Synology BC500, Synology TC500, and Synology CC400W is related to access control errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Site Hierarchy Flows component of the Oracle Site Hub data storage and management system, a part of the Oracle E-Business Suite, allows an attacker to access, modify, add, and delete data.
The vulnerability of the Site Hierarchy Flows component of the Oracle Site Hub data storage and management system, a part of the Oracle E-Business Suite automation system for enterprise activities, is related to authentication errors. Exploiting this vulnerability could allow an attacker to gain...