DEBIAN-CVE-2024-35947

In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUGON in control parser Fix a BUGON from 2009. Even if it looks "unreachable" I didn't really look, lets make sure by removing it, doing prerr and return -EINVAL instead...

UBUNTU-CVE-2024-35915

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in ncidevup and ncintfpacket syzbot reported the following uninit-value access issue 12: ncirxwork parses and processes received packet. When the payload length is zero, each message type handler reads...

CVE-2024-35896 netfilter: validate user input for expected length

In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 "bpf: Try to avoid kzalloc in cgroup/s,getsockopt" setsockopt @optlen argument should be...

SUSE CVE-2022-48703

In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...

DEBIAN-CVE-2024-27031

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfsnetfsissueread xarray locking for writeback interrupt The loop inside nfsnetfsissueread currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not safe though...

UBUNTU-CVE-2024-27063

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 "leds: trigger: netdev: add additional specific link speed mode" in the various changes, reworked the way to set the LINKUP mode in commi...

UBUNTU-CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8icecipherunprepare should be called before cryptofinalizeskcipherrequest, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...

UBUNTU-CVE-2024-27024

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rdsconnconnectifdown If connection isn't established yet, getmr will fail, trigger connection after getmr...

UBUNTU-CVE-2024-27388

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssxdecoptionarray The creds and oa-data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths...

UBUNTU-CVE-2023-52653

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gssimportv2context The ctx-mechused.data allocated by kmemdup is not freed in neither gssimportv2context nor it only caller gsskrb5importseccontext, which frees ctx on error. Thus, this patch reform the...

UBUNTU-CVE-2024-27005

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access reqlist while it's being manipulated The icclock mutex was split into separate icclock and iccbwlock mutexes in 1 to avoid lockdep splats. However, this didn't adequately protect access to...

UBUNTU-CVE-2024-26982

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero Syskiller has produced an out of bounds access in fillmetaindex. That out of bounds access is ultimately caused because the inode has an inode number with the...

kernel: gro: fix ownership transfer

A flaw was found in the Linux kernel's Generic Receive Offload GRO feature, where packets processed with a fragment list are not properly orphaned due to incorrect handling of socket references. This vulnerability can cause system instability or kernel bugs. The issue has been fixed by making sur...

DEBIAN-CVE-2024-26865

In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker warning 1. syzkaller could not find a repro, but in the log, the only...

SUSE CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

CVE-2014-3185 affecting package kernel for versions less than 5.15.153.1-1

CVE-2014-3185 affecting package kernel for versions less than 5.15.153.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-26805 netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter

In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in skbdatagramiter syzbot reported the following uninit-value access issue 1: netlinktofullskb creates a new skb and puts the skb-data passed as a 1st arg of netlinktofullskb onto new skb...

CVE-2024-26766

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx-numdescs off-by-one error Unfortunately the commit fd8958efe877 introduced another error causing the descs array to overflow. This reults in further crashes easily reproducible by sendmsg system call...

UBUNTU-CVE-2024-26732

In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockoptSOPEEKOFF syzbot reported a lockdep violation 1 involving afunix support of SOPEEKOFF. Since SOPEEKOFF is inherently not thread safe it uses a per-socket skpeekoff field, there is really no point...

UBUNTU-CVE-2024-26731

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready syzbot reported the following NULL pointer dereference issue 1: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:0x0 ... Call Trac...