kernel: tracing: Fix sleeping function called from invalid context on RT kernel

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix sleeping function called from invalid context on RT kernel When setting bootparams="traceevent=initcall:initcallstart tpprintk=1" in the cmdline, the outputprintk was called, and the spinlockirqsave was called in the...

kernel: drm/amdgpu: unmap and remove csa_va properly

A locking violation was found in the Linux kernel's AMD GPU driver in the context save area cleanup path. A local user can trigger this issue when closing GPU contexts, causing the driver to unmap and remove virtual memory mappings without first reserving the root page directory buffer object. Th...

kernel: kernel: Denial of Service via memory leak in LRU hash maps

A flaw was found in the Linux kernel. A local user could exploit a memory leak vulnerability in the Least Recently Used LRU and LRUPERCPU hash maps. This occurs when the kernel allocates a new element during a map update but fails to release it if the hash table bucket cannot be locked. Repeated...

kernel: ixgbe: Fix panic during XDP_TX with > 64 CPUs

A flaw was found in the Linux kernel's ixgbe network driver. On systems with more than 64 CPUs, XDPTX operations can cause a kernel panic due to an array-index-out-of-bounds access. The ixgbexdplockingkey variable can be incorrectly decremented to zero during ring reconfiguration, causing the...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-063)

The version of kernel installed on the remote host is prior to 5.4.110-54.189. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-063 advisory. In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-055)

The version of kernel installed on the remote host is prior to 5.10.29-27.128. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2024-055 advisory. In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in...

CVE-2024-33587

Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0...

PT-2024-25355 · Unknown · Secure Copy Content Protection/Content Locking

Name of the Vulnerable Software and Affected Versions: Secure Copy Content Protection and Content Locking versions 3.9.0 and earlier Description: A Missing Authorization issue has been identified, affecting Secure Copy Content Protection and Content Locking. The issue allows for potential...

WordPress plugin Secure Copy Content Protection and Content Locking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

UBUNTU-CVE-2022-48633

In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARNONlock-magic != lock error psbgemunpin calls dmaresvlock but the underlying wwmutex gets destroyed by drmgemobjectrelease move the drmgemobjectrelease call in psbgemfreeobject to after the unpin to fix the bel...

CVE-2022-48634 drm/gma500: Fix BUG: sleeping function called from invalid context errors

In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gmacrtcpageflip was holding the eventlock spinlock while calling crtcfuncs-modesetbase which takes wwmutex. The only reason to hold eventlock is to clear...

RHEL 6 / 7 : rh-mysql57-mysql (RHSA-2018:3655)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3655 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

Improper Locking

vyper is vulnerable to Improper Locking. This vulnerability is due to lack of reentrancy protection in default functions and not respecting nonreentrancy keys and failing to emit the lock, which allows an attacker to bypass the intended security mechanisms...

WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 3.9.0...

ZITADEL 安全漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL in Switzerland. A security vulnerability exists in ZITADEL versions prior to 2.50.0 that stems from an improper application locking...

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

Ivanti Avalanche InstallPackageThread Time-Of-Check Time-Of-Use Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the InstallPackageThread class. The issue results from the lack of proper locking when...

Ivanti Avalanche doInTransaction Time-Of-Check Time-Of-Use Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the doInTransaction method. The issue results from the lack of proper locking when performi...

WordPress Secure Copy Content Protection and Content Locking plugin <= 3.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 3.7.1...

The vulnerability of the ch_ktls component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the chktls component in the Linux operating system’s kernel is related to the absence of locking mechanisms during synchronization. Exploiting this vulnerability can allow an attacker to cause a service failure...