73 matches found
AZL-59136 CVE-2024-58063 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path Deinitialize at reverse order when probe fails. When initswvars fails, rtldeinitcore should not be called, specially now that it destroys the rtlwq workqueue...
fast-float2 has a segmentation fault due to lack of bound check
In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
CVE-2024-56765
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close callback in vasvmops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window...
CVE-2024-56765 powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close callback in vasvmops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window...
CVE-2024-56665 bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid progarray access in perfeventdetachbpfprog Syzbot reported 1 crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf progra...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the serial: sc16is7xx component accessing a special set of registers could result in an invalid FIFO access...
SUSE CVE-2024-42162
In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gvegetethtoolstats might make an invalid access on the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to account for the possibility that the NIC may only send statistics for some queues when reading...
Important: kernel
Issue Overview: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x8664 lacks consistency checks for CR0 and CR4. CVE-2023-30456 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookuprec when...
CVE-2023-52468
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in classregister The lockclasskey is still registered and can be found in lockkeyshash hlist after subsysprivate is freed in error handler path.A task who iterate over the lockkeyshash later may cause...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in classregister The lockclasskey is still registered and can be found in lockkeyshash hlist after subsysprivate is freed in error handler path.A task who iterate over the lockkeyshash later may cause...
CVE-2023-52468
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in classregister The lockclasskey is still registered and can be found in lockkeyshash hlist after subsysprivate is freed in error handler path.A task who iterate over the lockkeyshash later may cause...
CVE-2023-52468 class: fix use-after-free in class_register()
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in classregister The lockclasskey is still registered and can be found in lockkeyshash hlist after subsysprivate is freed in error handler path.A task who iterate over the lockkeyshash later may cause...
CVE-2023-52468
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in classregister The lockclasskey is still registered and can be found in lockkeyshash hlist after subsysprivate is freed in error handler path.A task who iterate over the lockkeyshash later may cause...
CVE-2023-52468
The CVE-2023-52468 entry describes a Linux kernel use-after-free in class_register. The issue arises because lock_class_key remains registered in lock_keys_hash after subsys_private is freed in an error path, so a task iterating the hash later may trigger a use-after-free. The fix unregisters the...
CVE-2023-52468 class: fix use-after-free in class_register()
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in classregister The lockclasskey is still registered and can be found in lockkeyshash hlist after subsysprivate is freed in error handler path.A task who iterate over the lockkeyshash later may cause...
CVE-2023-52468 class: fix use-after-free in class_register()
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in classregister The lockclasskey is still registered and can be found in lockkeyshash hlist after subsysprivate is freed in error handler path.A task who iterate over the lockkeyshash later may cause...
CVE-2020-18770
An invalid memory access flaw was found in the mmapped.c file's zzipdiskentrytofileheader function in Zziplib. This issue could allow an attacker to entice a victim into opening a specially crafted file, leading to a denial of service...
SUSE CVE-2015-8790
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access...
GHSA-JRCF-4JP8-M28V miow invalidly assumes the memory layout of std::net::SocketAddr
The miow crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...