4312 matches found
Bad debt auctions can be DoSed forever
Vulnerability details: For function Shortfall::placeBid in the shortfall contract, on L183 and L190, the previous highest bidder’s funds stored in the shortfall contract have to be sent back to the bidder. This operation has to be successful before any new bid can be...
OESA-2023-1276 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to...
A vulnerability in the virt_to_bus()/bus_to_virt() function of the dpt_i2o driver in Linux operating systems allows attackers to escalate their privileges.
The vulnerability of the virt_to_bus/bus_to_virt function in the dpt_i2o driver of Linux operating systems is related to improper locking during object operations. Exploiting this vulnerability can allow an attacker to gain increased privileges...
kernel: Recursive locking violation in usb-storage that can cause the kernel to deadlock
An incorrect access control flaw was found in the Linux kernel USB core subsystem. When a malicious USB device is attached, the recursive locking violation in usb-storage can cause the kernel to deadlock. This issue could allow a local user to crash the system...
kernel: rxrpc: Fix locking in rxrpc's sendmsg
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg. Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call should release the socket lock when returning an error from rxrpc_get_call_slot. (2) rxrpc_wait_for_tx_window_intr will return...
PT-2025-25862 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.18.0 Description: A recursive locking violation was discovered in the Linux kernel's USB storage component. This issue was identified through automatic kernel fuzzing and occurs due to a nested device-reset...
PT-2025-25924 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0-rc6 Description: The issue is related to the rxrpc's sendmsg implementation in the Linux kernel, where three bugs have been identified and fixed. These bugs concern locking mechanisms, specifically the...
CVE-2023-27952
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks...
Race condition
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks...
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
...
A race condition was found in the Linux kernel's RxRPC network protocol within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
...
CLSA-2023-1683235759 Fix CVE(s): CVE-2022-3996, CVE-2023-0464, CVE-2023-0466
SECURITY UPDATE: Excessive resource use verifying X.509 policy constraints - debian/patches/CVE-2023-0464.patch: Limit X.509 certificate tree size to avoid exponential use of computational resources - CVE-2023-0464 SECURITY UPDATE: Incorrectly documented X509_VERIFY_PARAM_add0_policy -...
PT-2023-2816 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The issue results from the lack of proper locking when performing operations on an object,...
PT-2023-2821 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2 LOGOFF and SMB2 CLOSE commands. The issue...
SUSE CVE-2023-2269
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...
CVE-2023-2269
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...