Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE versions for 18.3.6, 18.4.4, and 18.5.2. The vulnerabilities include the ability for attackers to remove Duo authentication flows, access sensitive information via GraphQL subscriptions, and bypass access controls on GitLab Pages. These...

Linux Distros Unpatched Vulnerability : CVE-2023-53581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Check for NOTREADY flag state after locking Currently the check for NOTREADY flag is performed before obtaining the necessary lock. This opens a...

CVE-2023-53581 net/mlx5e: Check for NOT_READY flag state after locking

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOTREADY flag state after locking Currently the check for NOTREADY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is concurrently removed from...

CVE-2023-52487 net/mlx5e: Fix peer flow lists handling

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix peer flow lists handling The cited change refactored mlx5etcdelfdbpeerflow to only clear DUP flag when list of peer flows has become empty. However, if any concurrent user holds a reference to a peer flow for...

PT-2024-7110 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0-rc6+ Description: The vulnerability is related to the net/mlx5e component in the Linux kernel. It is caused by a NULL pointer dereference when trying to remove a flow peer list head of a peer index that wa...