5907 matches found
CVE-2024-23377 Use of Out-of-range Pointer Offset in ComputerVision
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver...
CVE-2024-23377
CVE-2024-23377 describes memory corruption when a user-space IOCTL is invoked on Qualcomm EVA driver and the user tampers with the original packet size after system properties have been sent. Connected documents corroborate that the issue affects Qualcomm Snapdragon Compute EVA driver and is expo...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated (USA). A security vulnerability exists in Qualcomm Chipsets that originates from memory corruption occurring when an IOCTL call is invoked from user space for an HGSL memory node...
SUSE-SU-2024:3815-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). - CVE-2024-35863: Fixed potentia...
kernel: tty: Fix out-of-bound vmalloc access in imageblit
A vulnerability was found in the Linux kernel's tty subsystem within the imageblit function when a userspace program performs an ioctl operation with the FBIOPUT_VSCREENINFO command, passing a fb_var_screeninfo structure with limited fields. If the structure’s values remain unchanged from a previous...
CVE-2024-50073
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc N...
Vulnerability of the create_snapshot() function (fs/btrfs/ioctl.c) in the Btrfs file system of Linux kernels, allowing attackers to escalate their privileges
The vulnerability of the create_snapshot() function (fs/btrfs/ioctl.c) in the Btrfs file system of Linux operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
CVE-2024-49865
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF. Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all t...
CVE-2024-50048
In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs. syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct...
DEBIAN-CVE-2024-50048
In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs. syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct...
UBUNTU-CVE-2024-50044
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change. rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it causing the following trace:...
CVE-2024-50061
In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition. In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call...
CVE-2024-50048 fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs. syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct...
CVE-2024-50048
CVE-2024-50048 (Linux kernel fbcon NULL pointer dereference): A NULL pointer dereference in fbcon_putcs was triggered after using fbcon via FBIOPUT_CON2FBMAP and TIOCLINUX, due to an uninitialized ops->putcs path. Reproducer shows set_con2fb_map -> con2fb_init_display -> fbcon_set_disp ...
DEBIAN-CVE-2024-50006
In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate(). Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is...
CVE-2024-50006 ext4: fix i_data_sem unlock order in ext4_ind_migrate()
In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate(). Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is...
DEBIAN-CVE-2024-49994
In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD. I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 ("block: fix overflow in blk_ioctl_discard()") but for secure erase. Same problem: uint64_t r[2] = {512,...