net/iucv: fix use after free in iucv_sock_close()

...

kernel: mm: cachestat: fix two shmem bugs

CVE-2024-35797 is a vulnerability in the Linux kernel’s memory management, specifically affecting the cachestat feature when handling shared memory. The flaw stems from race conditions during operations like swapping or invalidation, which can lead to out-of-bounds memory access or invalid pointe...

CVE-2024-44993

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in v3dcsdjobrun When enabling UBSAN on Raspberry Pi 5, we get the following warning: 387.894977 UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3dsched.c:320:3 387.903868 index 7 is out of...

DEBIAN-CVE-2024-44987

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6sendskb syzbot reported an UAF in ip6sendskb 1 After ip6localout has returned, we no longer can safely dereference rt, unless we hold rcureadlock. A similar issue has been fixed in commit a688caa34beb "ipv...

kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races in unixreleasesock/unixstreamsendmsg A data-race condition has been identified in afunix. In one data path, the write function unixreleasesock atomically writes to sk-skshutdown using WRITEONCE. However, on...

AZL-49111 CVE-2024-44938 affecting package kernel for versions less than 5.15.182.1-1

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2 returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shif...

UBUNTU-CVE-2024-44933

In the Linux kernel, the following vulnerability has been resolved: bnxten : Fix memory out-of-bounds in bnxtfillhwrsstbl A recent commit has modified the code in bnxtreserverings to set the default RSS indirection table to default only when the number of RX rings is changing. While this works fo...

DEBIAN-CVE-2022-48939

In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcubarrier Nothing prevents batch ops to...

SUSE CVE-2022-48888

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix memory leak in msmmdssparsedatabusiccpath oficcget alloc resources for path1, we should release it when not need anymore. Early return when ISERRORNULLpath0 may leak path1. Defer getting path1 to fix this...

UBUNTU-CVE-2022-48877

In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extenttree is not created This patch avoids the below panic. pc : lookupextenttree+0xd8/0x760 lr : f2fsdowritedatapage+0x104/0x87c sp : ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27:...

DEBIAN-CVE-2024-43872

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause the CPU core staying in interrupt context too long and lead to soft lockup under heavy load. Handle CEQEs in BH...

AZL-48056 CVE-2024-43857 affecting package kernel for versions less than 6.6.64.2-9

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null reference error when checking end of zone This patch fixes a potentially null pointer being accessed by isendzoneblkaddr that checks the last block of a zone when f2fs is mounted as a single device...

DEBIAN-CVE-2024-43851

In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpunumber1 to dummycpunumber The per cpu variable cpunumber1 is passed to xlnxeventhandler as argument "devid", but it is not used in this function. So drop the initialization of this variable and rename it to...

CVE-2024-43851

In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpunumber1 to dummycpunumber The per cpu variable cpunumber1 is passed to xlnxeventhandler as argument "devid", but it is not used in this function. So drop the initialization of this variable and rename it to...

DEBIAN-CVE-2024-42315

In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on exfatgetdentryset When accessing a file with more entries than ESMAXENTRYNUM, the bh-array is allocated in exfatgetentryset. The problem is that the bh-array is allocated with GFPKERNEL. It does n...

CVE-2024-24861 affecting package kernel for versions less than 6.6.35.1-4

CVE-2024-24861 affecting package kernel for versions less than 6.6.35.1-4. A patched version of the package is available...

kernel: net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

kernel: net/sched: flower: Fix chain template offload

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload The Linux kernel CVE team has assigned CVE-2024-26669 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040237-CVE-2024-26669-ca3c@gregkh/T...

kernel: netfilter: tproxy: bail out if IP has been disabled on the device

In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 1 PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...

AZL-47471 CVE-2024-42236 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usbstringcopy Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form if str0 - 1 == '\n' followed...