CVE-2024-40907 ionic: fix kernel panic in XDP_TX action

In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic in XDPTX action In the XDPTX path, ionic driver sends a packet to the TX path with rx page and corresponding dma address. After tx is done, ionictxclean frees that page. But RX ring buffer isn't reset to...

CVE-2024-39502

CVE-2024-39502 : Linux kernel vulnerability in the Ionic driver where use-after-free can occur in netif_napi_del handling. If multiple TX/RX queues are configured (e.g., 4) but only 3 are used, ionic_qcq_enable may call napi_enable() for a queue that was unregistered by netif_napi_del(), since ne...

CVE-2024-39502 ionic: fix use after netif_napi_del()

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netifnapidel When queues are started, netifnapiadd and napienable are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and...

CVE-2024-39502 ionic: fix use after netif_napi_del()

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netifnapidel When queues are started, netifnapiadd and napienable are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and...

CVE-2024-39502 ionic: fix use after netif_napi_del()

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netifnapidel When queues are started, netifnapiadd and napienable are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel due to an issue with the ionic driver using a freed page in an XDPTX operation...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with the ionic component using a released network interface card when handling the NAPI New API for...

PT-2024-29135 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel version 6.9.0 Description: The vulnerability is caused by the ionic driver sending a packet to the TX path with an rx page and corresponding dma address in the XDP TX path. After the transmission is done, the ionic tx clean...

Malicious code in o2-ionic-image-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d248abb658f1d8182b04e7135dedf8d2d25735b9f551142b202be9044280580 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-941 Malicious code in o2-ionic-image-loader-v7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c645fd90c285367a338c640179963eff4cec0a670e47392a050ca826671442bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in o2-ionic-image-loader-v7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c645fd90c285367a338c640179963eff4cec0a670e47392a050ca826671442bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ionic-simple-lockscreen-md5 (=0.0.7), ons-mobile-login (=0.0.136) potentially affected by CVE-2021-43849 via cordova-plugin-fingerprint-aio (=1.7.0)

cordova-plugin-fingerprint-aio NPM version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on cordova-plugin-fingerprint-aio and may be impacted: - ionic-simple-lockscreen-md5 =0.0.7 - ons-mobile-login =0.0.136 Source cves: CVE-2021-43849 Source...

Unbreakable Enterprise kernel security update

5.15.0-100.96.32 - crypto: Report fips module name and version for aarch64 Saeed Mirzamohammadi Orabug: 35225251 - uek-rpm: Enable RFC7919 config for aarch64 Saeed Mirzamohammadi Orabug: 35225251 5.15.0-100.96.31 - uek-rpm: Update linux-firmware dependency Somasundaram Krishnasamy Orabug: 3521342...

Malicious code in ionic-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09de95e7d76d2e16b11246cf303cad1b6e649a71e2c5757deaafabe8081d0114 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3930 Malicious code in ionic-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09de95e7d76d2e16b11246cf303cad1b6e649a71e2c5757deaafabe8081d0114 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GE Gas Power ToolBoxST

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Gas Power Equipment: ToolBoxST Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result...

CVE-2021-44033

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed...

CVE-2021-44033

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed...

Design/Logic Flaw

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed...

CVE-2021-44033

The CVE-2021-44033 vulnerability affects Ionic Identity Vault prior to version 5.0.5 (notably 5.0.4 and earlier) and permits bypassing the protection mechanism for invalid unlock attempts on Android and iOS. The issue stems from the PIN unlock lockout logic, enabling an attacker to bypass authent...