PT-2024-34020

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel's drm/vc4 code has been resolved. The issue occurred when a file descriptor was closed, and the active performance monitor was not stopped. Although...

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session bsc1227546 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE-SU-2024:3502-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session bsc1227546...

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in...

kernel: cpufreq: exit() callback is optional

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit callback is optional The exit callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freqtable pointer even if the exit callback isn't present...

kernel: ACPI: extlog: fix NULL pointer dereference check

REJECTED CVE A NULL pointer dereference issue was identified in the Linux kernel within the ACPI subsystem's extlog module. In the extlogexit function, the extlogl1addr pointer was dereferenced before verifying if it was NULL, potentially causing system instability or crashes during the cleanup...

kernel: cpufreq: exit() callback is optional

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit callback is optional The exit callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freqtable pointer even if the exit callback isn't present...

kernel: ACPI: extlog: fix NULL pointer dereference check

REJECTED CVE A NULL pointer dereference issue was identified in the Linux kernel within the ACPI subsystem's extlog module. In the extlogexit function, the extlogl1addr pointer was dereferenced before verifying if it was NULL, potentially causing system instability or crashes during the cleanup...

kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc in amdpstateeppcpuinit is not freed in the analogous exit function, so fix that. rjw: Subject and changelog edits...

The vulnerability of the Webmin control panel for hosting services, related to a loop with an unreachable exit condition, allows attackers to cause a service failure.

The vulnerability of the Webmin control panel involves a cycle with an unreachable exit condition. Exploiting this vulnerability allows a malicious actor to cause service failures...

The vulnerability of the Go programming language’s network component, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language component is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of the PHP programming language, related to the execution of loops with an unavailable exit condition, allows attackers to cause service failures.

The vulnerability of the PHP programming language lies in the execution of a loop with an unavailable exit condition. Exploiting this vulnerability allows an attacker to cause a service failure...

SUSE CVE-2024-46782

In the Linux kernel, the following vulnerability has been resolved: ila: call nfunregisternethooks sooner syzbot found an use-after-free Read in ilanfinput 1 Issue here is that ilaxlatexitnet frees the rhashtable, then call nfunregisternethooks. It should be done in the reverse way, with a...

DEBIAN-CVE-2024-46786

In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscachecookielrutimer when fscache exits to avoid UAF The fscachecookielrutimer is initialized when the fscache module is inserted, but is not deleted when the fscache module is removed. If timerreduce is called...

DEBIAN-CVE-2024-46782

In the Linux kernel, the following vulnerability has been resolved: ila: call nfunregisternethooks sooner syzbot found an use-after-free Read in ilanfinput 1 Issue here is that ilaxlatexitnet frees the rhashtable, then call nfunregisternethooks. It should be done in the reverse way, with a...

kernel: cpufreq: exit() callback is optional

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit callback is optional The exit callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freqtable pointer even if the exit callback isn't present...

kernel: cpufreq: exit() callback is optional

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit callback is optional The exit callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freqtable pointer even if the exit callback isn't present...

ROS-20240918-05

A vulnerability in the net component of the Golang programming language is related to the execution of a loop with an inaccessible exit condition. exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

The vulnerability of the vmx_enter_smm function in the arch/x86/kvm/vmx/vmx.c file of the KVM virtualization subsystem in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the vmxentersmm function in the arch/x86/kvm/vmx/vmx.c file of the KVM virtualization subsystem in the Linux operating system is related to the forced exit from the embedded virtualization operation when the SMM state is switched. This vulnerability allows a attacker to trigg...

The vulnerability of the `fixup_guest_exit` function in the arm64 component of the KVM virtualization subsystem of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the fixupguestexit function in the arm64 component of the KVM virtualization subsystem of the Linux operating system is related to the use of an outdated value of esr when a SError exception occurs. Exploiting this vulnerability can allow an attacker to cause a service failur...