CVE-2024-45877

baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock...

The vulnerability of the clk component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the clk component in the Linux operating system’s kernel is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the serial/pmac_zilog components of the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the serial/pmaczilog components of the Linux operating system’s kernel is related to improper locking of resources in the pmzreceivechars function. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the clk component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the clk component in the Linux operating system’s kernel is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the Linux operating system’s serial kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s serial kernel component is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

Deadlock in x86 HVM standard VGA handling

ISSUE DESCRIPTION The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the virtual VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a...

kernel: thermal/debugfs: Fix two locking issues with thermal zone debug

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointe...

kernel: thermal/debugfs: Prevent use-after-free from occurring after cdev removal

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermaldebugcdevremove does not run under cdev-lock, it can run in parallel with thermaldebugcdevstateupdate and it may free the struct thermaldebugf...

kernel: KVM: arm64: Fix circular locking dependency

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix circular locking dependency The rule inside kvm enforces that the vcpu-mutex is taken inside kvm-lock. The rule is violated by the pkvmcreatehypvm which acquires the kvm-lock while already holding the vcpu-mutex...

kernel: PCI/ASPM: Fix deadlock when enabling ASPM

A flaw was found in the Linux kernel, where a deadlock scenario was triggered when enabling Active State Power Management ASPM during the probe of Qualcomm PCIe controllers. This deadlock was identified by lockdep and stemmed from a recursive locking scenario. This issue occurred when a task...

kernel: Reapply "drm/qxl: simplify qxl_fence_wait"

In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxlfencewait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got o...

SUSE CVE-2024-50210

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

CVE-2024-50210

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

CVE-2024-50207

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order The function ringbuffersubbuforderset updates each ringbufferpercpu and installs new sub buffers that match the requested page order. This operation may be invoke...

DEBIAN-CVE-2024-50210

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

UBUNTU-CVE-2024-50210

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

CVE-2024-50210 posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

CVE-2024-50210 posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

CVE-2024-50210

The CVE-2024-50210 issue is in the Linux kernel posix-clock routine pc_clock_settime(). If get_clock_desc() succeeds, the code locks the clock’s fd and holds the rwsem; the error path failed to release the lock and fput the fd, causing unbalanced locking and a potential resource leak. The root ca...

CVE-2024-50210

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...