19 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fixed a sleep-in-atomic bug caused by genpddebugRemove When a genpd with GENPDFLAGIRQSAFE is removed, the following sleep-in-atomic bug will occur, as genpdDebugRemove will be called with a spinlock held. 0.029183 BU...
CVE-2022-50744
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rxmonitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rxmonitor, a hard lockup similar to the call trace below may occur. The spinlockbh in...
SUSE CVE-2022-49265
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove When a genpd with GENPDFLAGIRQSAFE gets removed, the following sleep-in-atomic bug will be seen, as genpddebugremove will be called with a spinlock being held...
CVE-2022-49265 PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove When a genpd with GENPDFLAGIRQSAFE gets removed, the following sleep-in-atomic bug will be seen, as genpddebugremove will be called with a spinlock being held...
CVE-2024-45029
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invali...
CVE-2024-45029 i2c: tegra: Do not mark ACPI devices as irq safe
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invali...
CVE-2023-46836
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...
CVE-2023-46836
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...
CVE-2023-46836
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...
Type confusion
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...
CVE-2023-46836
The CVE pertains to Xen virtualization. The issue is a race condition where mitigations for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe; one entry path remains with interrupts enabled, and combined with the Meltdown XPTI fix (XSA-254) this was ...
CVE-2023-46836 x86: BTC/SRSO fixes not fully effective
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...
Xen: x86: BTC/SRSO Fixes Not Fully Effective (XSA-446)
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe as it was believed that the mitigations were always operated in contexts with IRQs disabled. However due to an unanticipated interaction with XSA-254 Meltdown, a race condition exists whereb...
kernel: writeback: avoid use-after-free after removing device
In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdiunregister gets called to stop further writeback and wait for associated delayed work to complete. However, wbinodewritebackend may schedule bandwid...
kernel: PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove When a genpd with GENPDFLAGIRQSAFE gets removed, the following sleep-in-atomic bug will be seen, as genpddebugremove will be called with a spinlock being held...
UVI-2021-1002106 blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu
blk-cgroup: blkcgroupbiostart should use irq-safe operations on blkg-iostatcpu This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commi...
UVI-2021-1001879 blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu
blk-cgroup: blkcgroupbiostart should use irq-safe operations on blkg-iostatcpu This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commi...
GSD-2021-1001879 blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu
blk-cgroup: blkcgroupbiostart should use irq-safe operations on blkg-iostatcpu This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commi...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
Updated kernel-rt packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise MRG 1.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...