kernel: mptcp: pm: Fix uaf in __timer_delete_sync

A use-after-free flaw was found in the Linux kernel’s Multipath TCP MPTCP subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...

UBUNTU-CVE-2024-53049

In the Linux kernel, the following vulnerability has been resolved: slub/kunit: fix a WARNING due to unwrapped kmalloccachenoprof 'modprobe slubkunit' will have a warning as shown below. The root cause is that kmalloccachenoprof was directly used, which resulted in no alloctag being allocated. Th...

DEBIAN-CVE-2024-50280

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayedwork on cachectr error An unexpected WARNON from flushwork may occur when cache creation fails, caused by destroying the uninitialized delayedwork waker in the error path of cachecreate...

UBUNTU-CVE-2024-50286

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbdsmb2sessioncreate There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch add missing sessionstablelock while adding/deleting session from global session...

CVE-2024-50286 ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbdsmb2sessioncreate There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch add missing sessionstablelock while adding/deleting session from global session...

kernel: md: fix resync softlockup when bitmap size is less than array size

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU3 stuck for 26s!...

kernel: lz4: fix LZ4_decompress_safe_partial read out of bound

In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...

kernel: aio: fix use-after-free due to missing POLLFREE handling

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfdpoll and binderpoll are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is okay f...

kernel: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

kernel: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

In the Linux kernel, the following vulnerability has been resolved: ACPI: processoridle: Fix memory leak in acpiprocessorpowerexit After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 size 1024: comm...

SUSE CVE-2024-50213

In the Linux kernel, the following vulnerability has been resolved: drm/tests: hdmi: Fix memory leaks in drmdisplaymodefromceavic modprobe drmhdmistatehelpertest and then rmmod it, the following memory leak occurs. The mode allocated in drmmodeduplicate called by drmdisplaymodefromceavic is not...

CVE-2024-50190 ice: fix memleak in ice_init_tx_topology()

In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in iceinittxtopology Fix leak of the FW blob DDP pkg. Make icecfgtxtopo const-correct, so iceinittxtopology can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer...

AZL-53322 CVE-2024-50143 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udfgetfileshortad Check for overflow when computing alen in udfcurrentaext to mitigate later uninit-value use in udfgetfileshortad KMSAN bug1. After applying the patch reproducer did not trigger any...

CVE-2024-50168 net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()

In the Linux kernel, the following vulnerability has been resolved: net/sun382586: fix potential memory leak in sun382586sendpacket The sun382586sendpacket returns NETDEVTXOK without freeing skb in case of skb-len being too long, add devkfreeskb to fix it...

CVE-2024-50148 Bluetooth: bnep: fix wild-memory-access in proto_unregister

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

DEBIAN-CVE-2024-50094

In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdpdoflush from netpoll. Yury reported a crash in the sfc driver originated from netpollsendudp. The netconsole sends a message and then netpoll invokes the driver's NAPI function with a budget of zero. It is...

SUSE SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP3) (SUSE-SU-2024:3814-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3814-1 advisory. This update for the Linux Kernel 5.3.18-15030059158 fixes several issues. The following security issues were fixed: - CVE-2021-47598: schcake: ...

Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024103 fixes several issues. The following security issues were fixed: CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF in isvalidoplockbreak bsc1225011. CVE-2023-52752: smb: client: fix...

SUSE CVE-2024-50069

In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devmkasprintf returned value devmkasprintf can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review...

DEBIAN-CVE-2024-50084

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcapapiencoderuletest Commit a3c1e45156ad "net: microchip: vcap: Fix use-after-free error in kunit test" fixed the use-after-free error, but introduced below memory leaks by removing...