103 matches found
CVE-2024-53068 firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix slab-use-after-free in scmibusnotifier The scmidev-name is released prematurely in scmidevicedestroy, which causes slab-use-after-free when accessing scmidev-name in scmibusnotifier. So move the release of...
CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
In the Linux kernel, the following vulnerability has been resolved: dm: fix a crash if blkallocdisk fails If blkallocdisk fails, the variable md-disk is set to an error value. cleanupmappeddevice will see that md-disk is non-NULL and it will attempt to access it, causing a crash on this statement...
Fedora: Security Advisory (FEDORA-2024-791f8d9804)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-48920
In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from writebackinodessbnr: $ cat fs/fs-writeback.c:...
CVE-2024-42313
CVE-2024-42313 affects the Linux kernel’s media: venus path, specifically a use-after-free in vdec_close() when the firmware queues a buffer-release work via HFI callbacks during decoding. The issue can occur if the decoder device is closed from userspace during normal decoding, potentially leadi...
Candy Redis 2.1.2 Admin Page Disclosure
==================================================================================================================================== | Title : Candy Redis V2.1.2 HTML Form in redirect page Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
CVE-2024-36930
In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spisync If spisync is called with the non-empty queue and the same spimessage is then reused, the complete callback for the message remains set while the context is cleared, leading to a...
CVE-2021-47247 net/mlx5e: Fix use-after-free of encap entry in neigh update handler
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5erepneighupdate wasn't updated to accommodate rtnl lock removal from TC filter update path and properly handle concurrent encap entry...
CVE-2024-26865 rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker warning 1. syzkaller could not find a repro, but in the log, the only...
CVE-2021-47165 drm/meson: fix shutdown crash when component not probed
In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix shutdown crash when component not probed When main component is not probed, by example when the dw-hdmi module is not loaded yet or in probe defer, the following crash appears on shutdown: Unable to handle kernel...
SUSE-SU-2024:0793-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file bsc1217213...
CLSA-2023-1703183930 haproxy: Fix of CVE-2023-45539
CVE-2023-45539: do not accept '' as part of the URI component...
CommunityIssuance.sol – Stability pool can manipulate time stamps with the fund function to issue more oath than appropriate.
Lines of code Vulnerability details If lastDistributionTime is set to a date in the future, it would allow the issueOath function to continue to mint tokens even after it should have stopped. This is because the if statement in issueOath checks whether the current time is greater than...
Unnecessary precision loss in redeemKIBT()
Lines of code Vulnerability details Impact Unnecessary precision loss in redeemKIBT Proof of Concept If enter Deprecated mode, user can switch back to StableCoin by percentage with redeemKIBT The redeemKIBT implementation code is as follows: function redeemKIBTuint256 amount external override...
CVE-2022-43396
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
GSD-2022-1007179 kernfs: fix use-after-free in __kernfs_remove
kernfs: fix use-after-free in kernfsremove This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.153 by commit...
SUSE: Security Advisory (SUSE-SU-2022:3899-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for python3 (SUSE-SU-2022:2357-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GSD-2022-1004030 usb: dwc2: gadget: don't reset gadget's driver->bus
usb: dwc2: gadget: don't reset gadget's driver-bus This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.318 by commit...
GSD-2022-1002831 drm/amd/pm: fix double free in si_parse_power_table()
drm/amd/pm: fix double free in siparsepowertable This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...