406 matches found
UBUNTU-CVE-2024-42113
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize numqvectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx-numqvectors is uninitialized. Thus there will be kernel panic in wxallocqvectors to allocate queue vectors...
UBUNTU-CVE-2024-42228
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value size when calling amdgpuvcecsreloc Initialize the size before calling amdgpuvcecsreloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate...
CVE-2024-42113
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize numqvectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx-numqvectors is uninitialized. Thus there will be kernel panic in wxallocqvectors to allocate queue vectors...
CVE-2024-42113 net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize numqvectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx-numqvectors is uninitialized. Thus there will be kernel panic in wxallocqvectors to allocate queue vectors...
CVE-2024-42076 net: can: j1939: Initialize unused data in j1939_send_one()
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939sendone syzbot reported kernel-infoleak in rawrecvmsg 1. j1939sendone creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue...
CVE-2024-42076 net: can: j1939: Initialize unused data in j1939_send_one()
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939sendone syzbot reported kernel-infoleak in rawrecvmsg 1. j1939sendone creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue...
CVE-2024-42076
The CVE-2024-42076 entry relates to the Linux kernel net/can/j1939 path, where j1939_send_one() allocated a full frame but did not initialize unused data, enabling a kernel-infoleak via raw_recvmsg() paths observed by syzbot. The root cause is uninitialized memory in the frame allocation (Bytes 1...
CVE-2024-41079 nvmet: always initialize cqe.result
In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words aka results for the command queue entry need to be set to 0 when they are not used not specified. Though, the target implemention return...
DEBIAN-CVE-2022-48825
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add stagwork to all the vports Call trace seen when creating NPIV ports, only 32 out of 64 show online. stag work was not initialized for vport, hence initialize the stag work. WARNING: CPU: 8 PID: 645 at...
CVE-2024-40925 block: fix request.queuelist usage in flush
In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...
MAL-2024-6474 Malicious code in activerecord-safe-initialize (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in activerecord-safe-initialize (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
SUSE CVE-2024-38592
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddpcomp with devmkcalloc In the case where connroutes is true we allocate an extra slot in the ddpcomp array but mtkdrmcrtccreate never seemed to initialize it in the test case I ran. For me, this caused a late...
Google Pixel Security Breach
Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in the lwisinitializetransactionfences module of lwisfence.c, where out-of-bounds writes may exist...
DEBIAN-CVE-2024-36927
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1. ipmakeskb tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt2 with...
CVE-2024-36927 ipv4: Fix uninit-value access in __ip_make_skb()
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1. ipmakeskb tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt2 with...
DEBIAN-CVE-2023-52853
In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INITDELAYEDWORK within cp2112gpioirqstartup, resulting in duplicate initilizations of the workqueue on subsequent IRQ startups following an...
CVE-2023-52862 drm/amd/display: Fix null pointer dereference in error message
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core DC fails to initialize. The original message includes the DC...
DEBIAN-CVE-2021-47361
In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcballocbus There are two bugs: 1 If idasimpleget fails then this code calls putdevicecarrier but we haven't yet called getdevicecarrier and probably that leads to a use after free. 2 After...
DEBIAN-CVE-2021-47259
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4initclient KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting...