CVE-2021-47498

In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nrrequests or...

CVE-2021-47498 dm rq: don't queue request to blk-mq during DM suspend

In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nrrequests or...

UBUNTU-CVE-2021-47435

In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...

DEBIAN-CVE-2024-35805

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dmexceptiontableexit There was reported lockup when we exit a snapshot with many exceptions. Fix this by adding "condresched" to the loop that frees the exceptions...

UBUNTU-CVE-2024-35805

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dmexceptiontableexit There was reported lockup when we exit a snapshot with many exceptions. Fix this by adding "condresched" to the loop that frees the exceptions...

The vulnerabilities of the functions dm_mq_init_request_queue() and dm_mq_cleanup_mapped_device() in the Linux kernel’s drivers/md/dm-rq.c file allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerabilities of the functions dmmqinitrequestqueue and dmmqcleanupmappeddevice in the Linux kernel’s drivers/md/dm-rq.c file are related to the repeated release of previously released memory. Exploiting these vulnerabilities could allow an attacker to compromise the confidentiality,...

PT-2024-25129 · J2Eefast · J2Eefast

Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. This allows for potential exploitation. No information is provided about the...

SUSE CVE-2024-26962

In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in...

kernel: dm: don't attempt to queue IO under RCU protection

A sleep-in-atomic-context bug was found in the Device Mapper subsystem in the Linux kernel. When processing REQNOWAIT requests, dm incorrectly submits I/O while holding an RCU read lock, assuming that REQNOWAIT means no scheduling can occur. However, mempoolalloc and other allocation functions ma...

kernel: dm: fix a race condition in retrieve_deps

A use-after-free flaw was found in the Linux kernel's device-mapper multipath implementation. A race condition exists between retrievedeps and multipathmessage when devices are added or removed. The retrievedeps function walks the device list without holding a lock while multipathmessage can modi...

SUSE CVE-2024-26880

In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend There is this reported crash when experimenting with the lvm2 testsuite. The list corruption is caused by the fact that the postsuspend and resume methods were not paired correctly;...

USN-6740-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2023-1382 It was discovered that the virtio network...

USN-6739-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service system crash. CVE-2022-20422 Wei Chen discovered that a race condition existed in the TIPC protocol implementation in...

USN-6739-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service system crash. CVE-2022-20422 Wei Chen discovered that a race condition existed in the TIPC protocol implementation in...

USN-6726-3 linux-xilinx-zynqmp vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

USN-6726-2: Linux kernel (IoT) vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

USN-6726-2 linux-iot vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

USN-6724-2 linux-aws-6.5, linux-raspi vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

SUSE CVE-2024-26757

In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore read-only array in mdcheckrecovery Usually if the array is not read-write, mdcheckrecovery won't register new syncthread in the first place. And if the array is read-write and syncthread is registered,...

Ubuntu: Security Advisory (USN-6726-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...