AZL-56402 CVE-2024-45339 affecting package glog for versions less than 0.3.5-16

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

AZL-56066 CVE-2024-45339 affecting package vitess for versions less than 19.0.4-4

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

DEBIAN-CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

UBUNTU-CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

CVE-2024-45339

CVE-2024-45339 affects the Go glog package. The issue arises when logs are written to a widely-writable directory: an unprivileged attacker could predict a privileged process’s log path and pre-create a symlink to a sensitive file, causing the process to overwrite it. The fix is to have glog exit...

glog 安全漏洞

glog is a Go open source hierarchical execution log for Go. A security vulnerability exists in glog versions prior to 1.2.4, which stems from the presence of a sensitive file overwrite vulnerability that allows an attacker to pre-create symbolic links to exit the program to fix it...

SUSE CVE-2024-57844

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drmdeventer/drmdevexit. This fixes the followin...

SUSE CVE-2024-55639

In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitchdevice structure is used at several driver locations. So passing this node to ofnodeput after the first use is wrong. Move...

CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

DEBIAN-CVE-2024-55639

In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitchdevice structure is used at several driver locations. So passing this node to ofnodeput after the first use is wrong. Move...

UBUNTU-CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

UBUNTU-CVE-2024-55639

In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitchdevice structure is used at several driver locations. So passing this node to ofnodeput after the first use is wrong. Move...

CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

CVE-2024-55881

CVE-2024-55881 : In the Linux kernel, KVM for x86 had a fix to correctly detect 64‑bit hypercalls during complete_hypercall_exit() for guests with protected state (e.g., SEV-ES/SEV-SNP). The change replaces is_64_bit_mode() with is_64_bit_hypercall() to determine 64‑bit mode when the vCPU state n...

PT-2025-8806

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential crash in the Linux kernel has been identified. The issue occurs when setting up a bsg queue fails, causing the bsg queue to be assigned a non-NULL value. As a result, the...

PT-2025-37950

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s macb driver related to the order of operations during device removal. Specifically, the phy exit function was being called before unregister netdev,...

PT-2025-52660

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Comedi low-level driver "c6xdigio" has a flaw related to parallel port Plug and Play PNP resource management. The driver incorrectly handles PNP driver registration and unregistratio...

PT-2026-20441

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-284.11.1.el9 2 Description The Linux kernel contains a flaw related to the qla2xxx SCSI driver. A system crash can occur during load/unload testing due to improper handling of memory allocation and...

PT-2025-30829

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where the perf subsystem attempts to access user space memory during address space teardown in the do exit function, potentially leading to a crash. This...