AZL-48529 CVE-2024-44946 affecting package kernel for versions less than 6.6.51.1-1

In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcmsendmsg for the same socket. syzkaller reported UAF in kcmrelease. 0 The scenario is 1. Thread A builds a skb with MSGMORE and sets kcm-seqskb. 2. Thread A resumes building skb from kcm-seqskb but is blocked by...

VulnCheck KEV: CVE-2023-2640

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs. xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks...

AZL-47968 CVE-2024-43855 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddevsuspend and flush bio Deadlock occurs when mddev is being suspended while some flush bio is in progress. It is a complex issue. T1. the first flush is at the ending stage, it clears 'mddev-flushbio'...

CVE-2024-42321

In the Linux kernel, the following vulnerability has been resolved: net: flowdissector: use DEBUGNETWARNONONCE The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 "net: add and use skbgethashsymmetricnet" bu...

CVE-2024-42321 net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE

In the Linux kernel, the following vulnerability has been resolved: net: flowdissector: use DEBUGNETWARNONONCE The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 "net: add and use skbgethashsymmetricnet" bu...

CVE-2024-42321

In the Linux kernel, the following vulnerability has been resolved: net: flowdissector: use DEBUGNETWARNONONCE The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 "net: add and use skbgethashsymmetricnet" bu...

conda-store (>=2024.6.1 <=2024.11.2), cylc-uiserver (>=0.1.0 <=0.3.0) +13 more potentially affected by CVE-2024-41942 via jupyterhub (>=0.8.1 <=4.0.2)

jupyterhub PYPI version =0.8.1, =2024.6.1, =0.1.0, =0.0.4, =1.3.7, =1.0.0, =0.2.0, =0.1.0, =0.0.0, =0.1.0, =0.10.0, =0.2.25, =0.0.1, =0.1.0, =0.0.2, =0.0.9 Source cves: CVE-2024-41942 Source advisory: OSV:PYSEC-2024-200...

conda-store (>=2024.6.1 <=2024.11.2), cylc-uiserver (>=0.1.0 <=0.3.0) +13 more potentially affected by CVE-2024-41942 via jupyterhub (>=0.8.1 <=4.0.2)

jupyterhub PYPI version =0.8.1, =2024.6.1, =0.1.0, =0.0.4, =1.3.7, =1.0.0, =0.2.0, =0.1.0, =0.0.0, =0.1.0, =0.10.0, =0.2.25, =0.0.1, =0.1.0, =0.0.2, =0.0.9 Source cves: CVE-2024-41942 Source advisory: OSV:GHSA-9X4Q-3GXW-849F...

AZL-47492 CVE-2024-42246 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xstcpsetupsocket When using a BPF program on kernelconnect, the call can return -EPERM. This causes xstcpsetupsocket to loop forever, filling up the syslog and causing the...

AZL-47621 CVE-2024-42236 affecting package kernel for versions less than 5.15.164.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usbstringcopy Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form if str0 - 1 == '\n' followed...

SUSE CVE-2024-41020

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 "filelock: Remove locks reliably when fcntl/close race is detected", I missed that there are two copies of the code I was patching: The normal...

AZL-48261 CVE-2024-42114 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211ATTRTXQQUANTUM values syzbot is able to trigger softlockups, setting NL80211ATTRTXQQUANTUM to 2^31. We had a similar issue in schfq, fixed with commit d9e15a273306 "pktsched: fq: do not accept sill...

AZL-47546 CVE-2024-41037 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: fix null deref on system suspend entry When system enters suspend with an active stream, SOF core calls hwparamsuponresume. On Intel platforms with HDA DMA used to manage the link DMA, this leads to call...

CVE-2024-41020 filelock: Fix fcntl/close race recovery compat path

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 "filelock: Remove locks reliably when fcntl/close race is detected", I missed that there are two copies of the code I was patching: The normal...

CVE-2024-41020

CVE-2024-41020 (Linux kernel) is addressed in IBM Storage Scale bulletin as part of a broader set of kernel fixes. The entry notes a filelock race involving fcntl/close that was backported to the compat path for 32-bit kernels, mirroring an earlier patch for the normal path. The connected IBM bul...

CVE-2024-40980

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2024-40980

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2024-40980 drop_monitor: replace spin_lock by raw_spin_lock

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2024-40980 drop_monitor: replace spin_lock by raw_spin_lock

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

AZL-47931 CVE-2024-39487 affecting package kernel for versions less than 5.15.164.1-1

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...