CVE-2021-47139 net: hns3: put off calling register_netdev() until client initialize complete

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling registernetdev until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case,...

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling registernetdev until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case,...

CVE-2021-47136 net: zero-initialize tc skb extension on allocation

In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skbextadd doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TCSKBEXT originally contained only sing...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6716-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6716-1 advisory. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing...

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling registernetdev until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case,...

PT-2024-11189 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.0-rc3+ Description: The vulnerability is related to the hns3 network driver in the Linux kernel. The issue arises when the netdevice is registered before the client initialization is complete, creating a ti...

The vulnerability of the p2putil.c component in the iNet Wireless daemon allows a hacker to induce a service failure.

The vulnerability of the p2putil.c component in iNet Wireless allows for initialization errors to occur. Exploiting this vulnerability could enable a remote attacker to cause service interruptions...

Ubuntu: Security Advisory (USN-6686-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-1394

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6681-4)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-4 advisory. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing...

kernel: blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkgiostatset after clearing in blkcgresetstats When blkgalloc is called to allocate a blkcggq structure with the associated blkgiostatset's, there are 2 fields within blkgiostatset that requires proper...

Insecure Default Initialization Of Resource

Liferay Portal is vulnerable to Insecure Default Initialization of Resource. This vulnerability is due to the default value of the portal property http.header.version.verbosity being set to full, allowing remote attackers to easily identify the version of the application and its vulnerabilities v...

SUSE CVE-2021-47116

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4mbinitbackend on error path. Fix a memory leak discovered by syzbot when a file system is corrupted with an illegally large sloggroupsperflex...

CVE-2024-26638

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

UBUNTU-CVE-2023-52616

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpiecinit When the mpiecctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this iss...

CVE-2024-26638 nbd: always initialize struct msghdr completely

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

WordPress Plugin Enjoy Social Feed Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2021-47118

In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing cadpid During boot, kernelinitfreeable initializes cadpid to the init task's struct pid. Later on, we may change cadpid via a sysctl, and when this happens procdocadpid will increment the...

CVE-2021-47118

In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing cadpid During boot, kernelinitfreeable initializes cadpid to the init task's struct pid. Later on, we may change cadpid via a sysctl, and when this happens procdocadpid will increment the...

CVE-2021-47118 pid: take a reference when initializing `cad_pid`

In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing cadpid During boot, kernelinitfreeable initializes cadpid to the init task's struct pid. Later on, we may change cadpid via a sysctl, and when this happens procdocadpid will increment the...