UBUNTU-CVE-2024-53184

In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blkmqfreetagset+0x1f/0xba RSP:...

PT-2024-36868 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A credential leak issue has been resolved in the Linux kernel. The problem occurred because get current cred increments the reference counter, but the corresponding put cred call was...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-47684)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47684 advisory. - In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-49981)

"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49981 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50179)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50179 advisory. - In the Linux kernel, the following vulnerability has been resolved: ceph: remove the incorrect Fw reference...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50082)

"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50082 advisory. - In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rqqoswait vs...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50154)

"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50154 advisory. - In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-49852)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49852 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use aft...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-49896)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49896 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check stream before...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50002)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50002 advisory. - In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure...

CVE-2024-53109 nommu: pass NULL argument to vma_iter_prealloc()

In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vmaiterprealloc When deleting a vma entry from a maple tree, it has to pass NULL to vmaiterprealloc in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu...

CVE-2024-53093 nvme-multipath: defer partition scanning

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within the controller's scanwork context. If a path error occurs here, the IO will wait until a path becomes available or all paths are...

CVE-2024-49869

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 "btrfs: send: annotate struct namecacheentry with countedby" we annotated the variable length array "name" from the...

CVE-2022-49003

A vulnerability was found in the Linux kernel's NVMe driver, involving a race condition in multipath configurations with RDMA connections. The nvmenshead list that tracks NVMe namespaces is not properly synchronized with the SRCU lock in the nvmempathrevalidatepaths function. This can cause a...

kernel: Local information disclosure on Intel(R) Atom(R) processors

A vulnerability was found in some Intel Atom Processor's microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system...

UBUNTU-CVE-2024-46863

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

DEBIAN-CVE-2023-52903

In the Linux kernel, the following vulnerability has been resolved: iouring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at iouring/iouring.c:734 iocqringeventoverflow+0x1c0/0x230 iouring/iouring.c:734 CPU: 0 PID: 28 Comm:...

UBUNTU-CVE-2024-40910

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections When releasing a socket in ax25release, we call netdevput to decrease the refcount on the associated ax.25 device. However, the execution path for accepting an incoming connecti...

UBUNTU-CVE-2024-39500

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

AZL-68066 CVE-2024-36949 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfdsuspendallprocesses to evict all processes on all devices, this call takes...