31 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa – Fix for the async_disable descriptor leak The paths for disabling async_disable in functions like iaa_compress and decompress do not free the idxd descriptors when async_disable is set. Currently, this issue only occurs...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa – Fixed an out-of-bounds index issue in find_empty_iaa_compression_mode. The local variable ‘i’ is initialized with -EINVAL, but the for loop immediately overwrites it, and -EINVAL is never returned. If no empty compressi...
Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50160)
The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50160 advisory. - mm/hugetlb: fix hugetlb_pmd_shared David Hildenbrand Orabug: 38931087 CVE-2026-23100 - platform/x86: classmate-laptop: Add missing NULL pointer...
CVE-2025-71231
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can b...
CVE-2025-71231
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can b...
UBUNTU-CVE-2025-71231
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can b...
Linux Distros Unpatched Vulnerability : CVE-2025-71231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites...
CVE-2024-47732
A possible flaw was found in the Linux 6.8 kernel version via the b190447e0fa3 commit. This flaw allows an attacker to trigger a pointer exception that could cause performance issues, mainly impacting availability. The code should not be reachable since it is not called anywhere, making this a...
CVE-2024-47732 crypto: iaa - Fix potential use after free bug
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it is passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The goo...
CVE-2024-47732
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it is passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The goo...
CVE-2024-47732 crypto: iaa - Fix potential use after free bug
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it is passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The goo...
CVE-2024-47732 crypto: iaa - Fix potential use after free bug
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it is passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The goo...
kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege via local access...
Fedora 39 : kernel (2024-49fcf86f58)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49fcf86f58 advisory. The 6.8.10 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...
Fedora 40 : kernel (2024-92664ae6fe)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-92664ae6fe advisory. The 6.8.10 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...
SUSE CVE-2024-35926
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix async_disable descriptor leak The disable_async paths of iaa_compress/decompress don't free idxd descriptors in the async_disable case. Currently this only happens in the testcases where req->dst is set to null. Add ...
CVE-2024-35926
CVE-2024-35926 : In the Linux kernel, the crypto IAA group fixes an async_disable descriptor leak in the iaa_compress/decompress paths. The root cause was that disable_async paths did not free idxd descriptors, leaking resources in tests where req->dst is null. A patch adds a proper free, res...
CVE-2024-35926 crypto: iaa - Fix async_disable descriptor leak
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix async_disable descriptor leak The disable_async paths of iaa_compress/decompress don't free idxd descriptors in the async_disable case. Currently this only happens in the testcases where req->dst is set to null. Add ...
CVE-2024-35926 crypto: iaa - Fix async_disable descriptor leak
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix async_disable descriptor leak The disable_async paths of iaa_compress/decompress don't free idxd descriptors in the async_disable case. Currently this only happens in the testcases where req->dst is set to null. Add ...
UBUNTU-CVE-2024-21823
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege via local access...