CVE-2024-36019 regmap: maple: Fix cache corruption in regcache_maple_drop()

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcachemapledrop When keeping the upper end of a cache block entry, the entry array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was...

CVE-2024-36054

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory and consequently gain all privileges via IOCTL 0x9c4064b8 via MmMapIoSpace and IOCTL 0x9c406490 via ZwMapViewOfSection...

CVE-2024-36054

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory and consequently gain all privileges via IOCTL 0x9c4064b8 via MmMapIoSpace and IOCTL 0x9c406490 via ZwMapViewOfSection...

CVE-2024-36054

CVE-2024-36054 affects Marvin Test HW.exe (Hw64.sys) prior to 5.0.5.0. The vulnerability arises from the driver exposing IOCTL 0x9c4064b8 (MmMapIoSpace) and IOCTL 0x9c406490 (ZwMapViewOfSection), allowing unprivileged user-mode processes to arbitrarily read kernel memory and thereby gain all priv...

CVE-2024-36054

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory and consequently gain all privileges via IOCTL 0x9c4064b8 via MmMapIoSpace and IOCTL 0x9c406490 via ZwMapViewOfSection...

MarvinTest Solutions HW.exe 安全漏洞

MarvinTest Solutions HW.exe is a driver file from MarvinTest Solutions, USA. A security vulnerability exists in MarvinTest Solutions HW.exe versions prior to 5.0.5.0, which originates from allowing arbitrary reads of kernel memory...

PT-2024-26867 · Unknown · Marvin Test Hw.Exe

Name of the Vulnerable Software and Affected Versions: Marvin Test HW.exe versions prior to 5.0.5.0 Description: The issue allows unprivileged user-mode processes to arbitrarily read kernel memory, and consequently gain all privileges, via specific IOCTL commands. The affected IOCTL commands are...

SUSE CVE-2021-47462

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: do not allow illegal MPOLFNUMABALANCING | MPOLLOCAL in mbind syzbot reported access to unitialized memory in mbind 1 Issue came with commit bda420b98505 "numa balancing: migrate on fault among multiple bound nodes"...

DEBIAN-CVE-2021-47508

In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 size 64: comm "xfsio", pid 12124, jiffies 4294987392 age 6.368s hex...

UBUNTU-CVE-2021-47508

In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 size 64: comm "xfsio", pid 12124, jiffies 4294987392 age 6.368s hex...

UBUNTU-CVE-2024-36012

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msftdoclose Tying the msft-data lifetime to hdev by freeing it in hcireleasedev to fix the following case: use msftdoclose msft = hdev-msftdata; if !msft ...1 filterlock; ...4 msftdata;...

SUSE CVE-2023-52843

In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with ethhdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llcrcv on a tun device. Tun can insert packets without mac len and...

kernel: ethtool: Fix uninitialized number of lanes

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtoollinkksettings' is not initialized in this path, drive...

kernel: bpf: cpumap: Fix memory leak in cpu_map_update_elem

In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpumapupdateelem Syzkaller reported a memory leak as follows: BUG: memory leak unreferenced object 0xff110001198ef748 size 192: comm "syz-executor.3", pid 17672, jiffies 4298118891 age 9.906s hex...

kernel: ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Check for null return of devmkzalloc in fchmiscsetup devmkzalloc may fail, clkdata-name might be NULL and will cause a NULL pointer dereference later. rjw: Subject and changelog edits...

CVE-2021-47485 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields

In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qibusersdmapkt fields Overflowing either addrlimit or bytestogo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math on...

DEBIAN-CVE-2021-47473

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00processels Commit 8c0eb596baa5 "SCSI qla2xxx: Fix a memory leak in an error path of qla2x00processels", intended to change: bsgjob-request-msgcode == FCBSGHSTELSNOLOGIN...

DEBIAN-CVE-2023-52842

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix uninit-value in virtiotransportrecvpkt KMSAN reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in virtiotransportrecvpkt+0x1dfb/0x26...

CVE-2023-52746

In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrmxlate32attr int type = nlatypenla; if type XFRMAMAX return -EOPNOTSUPP; @type is then used as an array index and can be used as a Spectre v1 gadget. if nlalennla...

UBUNTU-CVE-2023-52842

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix uninit-value in virtiotransportrecvpkt KMSAN reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in virtiotransportrecvpkt+0x1dfb/0x26...