CVE-2024-50116 nilfs2: fix kernel bug due to missing clearing of buffer delay flag

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUGON check for the buffer delay flag in submitbhwbc may fai...

CVE-2024-50116 nilfs2: fix kernel bug due to missing clearing of buffer delay flag

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUGON check for the buffer delay flag in submitbhwbc may fai...

CVE-2024-50114 KVM: arm64: Unregister redistributor for failed vCPU creation

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvmputkvm+0x300/0xe68...

SUSE CVE-2024-50085

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcppmnlrmaddrorsubflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcppmnlrmaddrorsubflow+0xb44/0xcc0...

SUSE CVE-2024-49932

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if the filesystem is backed by a RAID stripe tree we can get ENOENT e.g. due to preallocated extents not being...

SUSE CVE-2024-49873

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: fix filemapgetfolioscontig THP panic Patch series "memfd-pin huge page fixes". Fix multiple bugs that occur when using memfdpinfolios with hugetlb pages and THP. The hugetlb bugs only bite when the page is not yet...

SUSE CVE-2024-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in allocflexgd Wesley reported an issue: ================================================================== EXT4-fs dm-5: resizing filesystem from 7168 to 786432 blocks ------------ cut here -----------...

CVE-2024-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in allocflexgd Wesley reported an issue: ================================================================== EXT4-fs dm-5: resizing filesystem from 7168 to 786432 blocks ------------ cut here -----------...

CVE-2022-48969

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Fix NULL sring after live migration A NAPI is setup for each network sring to poll data to kernel The sring with source host is destroyed before live migration and new sring with target host is setup after live...

UBUNTU-CVE-2022-48980

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: avoid out of bounds access in sja1105initl2policing The SJA1105 family has 45 L2 policing table entries SJA1105MAXL2POLICINGCOUNT and SJA1110 has 110 SJA1110MAXL2POLICINGCOUNT. Keeping the table structure but...

UBUNTU-CVE-2022-48989

In the Linux kernel, the following vulnerability has been resolved: fscache: Fix oops due to race with cookielru and usecookie If a cookie expires from the LRU and the LRUDISCARD flag is set, but the state machine has not run yet, it's possible another thread can call fscacheusecookie and begin t...

DEBIAN-CVE-2024-49932

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if the filesystem is backed by a RAID stripe tree we can get ENOENT e.g. due to preallocated extents not being...

CVE-2024-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in allocflexgd Wesley reported an issue: ================================================================== EXT4-fs dm-5: resizing filesystem from 7168 to 786432 blocks ------------ cut here -----------...

UBUNTU-CVE-2024-49999

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afswaitforoperation, we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop...

CVE-2024-49932 btrfs: don't readahead the relocation inode on RST

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if the filesystem is backed by a RAID stripe tree we can get ENOENT e.g. due to preallocated extents not being...

CVE-2024-49880 ext4: fix off by one issue in alloc_flex_gd()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in allocflexgd Wesley reported an issue: ================================================================== EXT4-fs dm-5: resizing filesystem from 7168 to 786432 blocks ------------ cut here -----------...

CVE-2024-49880

The CVE-2024-49880 entry concerns an off-by-one in ext4 resizing logic (alloc_flex_gd) leading to a kernel BUG in resize operations (resize2fs) when resizing a filesystem. The vulnerability is addressed by a patch that removes the problematic +1 (and adds a WARN_ON_ONCE) to ensure flex_gd->res...

CVE-2024-47685

A flaw was found in the Netfilter and IPV6 functionality in the Linux kernel leading to a leak of 4 random bits. This issue may allow a remote user to preform an unauthorized read of random bits from the server. Mitigation If IPV6 or netfilter is not being used, then the issue is not applicable. ...

DEBIAN-CVE-2024-47716

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

UBUNTU-CVE-2024-47695

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: Reset cid to connum - 1 to stay in bounds In the function initconns, after the createcon and createcm for loop if something fails. In the cleanup for loop after the destroy tag, we access out of bound memory becaus...