1144 matches found
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel-firmware-nvidia-gspx-G06 (SUSE-SU-2024:2585-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2585-1 advisory. Update to version 555.42.06 for CUDA. Security Update 550.90.07: - CVE-2024-0090: Fixed out of...
kernel: can: peak_pci: peak_pci_remove(): fix UAF
In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF. When removing the module peak_pci, referencing 'chan' again after releasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: 35.961814 BUG: KASAN:...
UBUNTU-CVE-2024-35247
In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...
PT-2024-37478 · Wyze +1 · Wyze Cam V3 +1
Name of the Vulnerable Software and Affected Versions: Wyze Cam v3 (affected versions not specified). Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Wyze Cam v3 IP cameras without authentication. The flaw resides within the Realtek...
(Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Realtek Wi-Fi kernel module. The issue results from the lack of...
PT-2024-12777 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux Kernel ksmbd (affected versions not specified). Description: A flaw was found in the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized kfifo in the gpiolib:cdev module...
Important: kernel
Issue Overview: An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service deadlock because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25...
The vulnerability of the rose_kill_by_device() function in the implementation of the Amateur Radio X.25 PLP (Rose) kernel of the Linux operating system allows an intruder to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the rose_kill_by_device() function in the net/rose/af_rose.c module, which is part of the Amateur Radio X.25 PLP Rose implementation in the Linux operating system’s kernel, relates to exceptions when the buffer allocated to the stack is exceeded. Exploiting this vulnerability could...
SUSE CVE-2022-48706
In the Linux kernel, the following vulnerability has been resolved: vdpa: ifcvf: Do proper cleanup if IFCVF init fails. ifcvf_mgmt_dev leaks memory if it is not freed before returning. Call is made to correct return statement so memory does not leak. ifcvf_init_hw does not take care of this so it is...
UBUNTU-CVE-2024-35955
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration. When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. is_module_text_address() and...
The vulnerability of the aqc111_rx_fixup() function in the Aquantia AQtion USB driver for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the aqc111_rx_fixup() function in the drivers/net/usb/aqc111.c module of the Aquantia AQtion USB driver for the Linux operating system is related to a numerical overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...
DEBIAN-CVE-2024-35836
In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed other kernel module instance of the same PCI device have had kept the reference to that pin, and kernel...
CVE-2024-35836 dpll: fix pin dump crash for rebound module
In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed other kernel module instance of the same PCI device have had kept the reference to that pin, and kernel...
CVE-2024-27411
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly. This is likely not as big an issue on systems where the...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a kernel module error and causes a system-wide rendering freeze...
The vulnerability of the `ipv4_pktinfo_prepare()` function in the `net/ipv4/ip_sockglue.c` module of the Linux operating system’s IPv4 protocol implementation allows an attacker to cause a service failure.
The vulnerability of the Linux operating system’s IPv4 protocol implementation relates to the handling of a null pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the __f2fs_setxattr() function in the fs/f2fs/xattr.c file of the Linux file system’s f2fs kernel module allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the f2fs file system in Linux operating systems is related to the use of an uninitialized buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
CVE-2023-43526
Memory corruption while querying module parameters from Listen Sound model client in kernel from user space...