
1263 matches found

OSV
added 2024/02/27 7:4 p.m. | 1 views

UBUNTU-CVE-2021-46938

In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails. When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for the device fails, a followi...

CVSS 7.8 | AI score 6.2 | EPSS 0.00248
Exploits: 0 | References: 11
Vulnrichment
added 2024/02/27 6:40 p.m. | 20 views

CVE-2021-46938 dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails

In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails. When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for the device fails, a followi...

AI score 6.4 | EPSS 0.00248
Exploits: 0 | References: 8
Debian CVE
added 2024/02/27 6:40 p.m. | 14 views

CVE-2021-46938

In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails. When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for the device fails, a followi...

CVSS 7.8 | AI score 6.8 | EPSS 0.00248
Exploits: 0
Rosalinux
added 2024/02/20 9:45 a.m. | 56 views

Advisory ROSA-SA-2024-2355

Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2020-14339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability was discovered in libvirt that caused the /dev/mapper/control file descriptor to be exposed to...

CVSS 8.8 | AI score 6.6 | EPSS 0.00416
Exploits: 0
OSV
added 2024/02/19 11:21 a.m. | 2 views

CLSA-2024-1708094049 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area
CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nf_tables: reject QUEUE/DROP verdict parameters
CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-fr...

CVSS 7.8 | AI score 7.1 | EPSS 0.23582
Exploits: 16 | References: 1
OSV
added 2024/02/17 11:59 a.m. | 1 views

CLSA-2024-1708171186 Fix of 10 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area
CVE-url: https://ubuntu.com/security/CVE-2024-23849 - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nf_tables...

CVSS 7.8 | AI score 7.1 | EPSS 0.23582
Exploits: 16 | References: 1
OSV
added 2024/02/17 11:57 a.m. | 4 views

CLSA-2024-1708171036 Fix of 10 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area
CVE-url: https://ubuntu.com/security/CVE-2024-23849 - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nf_tables...

CVSS 7.8 | AI score 7.1 | EPSS 0.23582
Exploits: 16 | References: 1
OSV
added 2024/02/16 2:49 p.m. | 4 views

CLSA-2024-1708094944 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area
CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nf_tables: reject QUEUE/DROP verdict parameters
CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-fr...

CVSS 7.8 | AI score 7.1 | EPSS 0.23582
Exploits: 16 | References: 1
OSV
added 2024/01/23 9:15 a.m. | 5 views

AZL-33965 CVE-2024-23851 affecting package kernel for versions less than 5.15.153.1-1

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl...

CVSS 5.5 | AI score 6.5 | EPSS 0.00294
Exploits: 0 | References: 1
IBM Security Bulletins
added 2023/12/29 10:43 a.m. | 48 views

Security Bulletin: Multiple Vulnerabilities in Open Source affect IBM Cloud Pak System

Summary: Vulnerabilities in jettison, jackson mapper and xerces shipped with Platform System Manager PSM affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Vulnerability Details: CVEID: CVE-2022-45685 DESCRIPTION: Jettison is vulnerable to a denial of service, caused by ...

CVSS 9.8 | AI score 9.2 | EPSS 0.17125
Exploits: 3 | Affected Software: 1
Gentoo Linux
added 2023/11/25 12:0 a.m. | 39 views

multipath-tools: Multiple Vulnerabilities

Background: multipath-tools are used to drive the Device Mapper multipathing driver. Description: Multiple vulnerabilities have been discovered in multipath-tools. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details...

CVSS 7.8 | AI score 7.7 | EPSS 0.00658
Exploits: 5
Github Security Blog
added 2023/11/14 6:27 p.m. | 51 views

Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task

Introduction: This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2post0 and was tested on version 1.8.2. Overview: In all current versions of Label Studio, the application allow...

CVSS 7.5 | AI score 7 | EPSS 0.04055
Exploits: 3 | References: 5 | Affected Software: 1
OSV
added 2023/11/14 6:27 p.m. | 33 views

GHSA-6HJJ-GQ77-J4QW Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task

Introduction: This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2post0 and was tested on version 1.8.2. Overview: In all current versions of Label Studio, the application allow...

CVSS 7.5 | AI score 7.5 | EPSS 0.04055
Exploits: 3 | References: 5
RedHat Linux
added 2023/11/14 3:46 p.m. | 1 views

kernel: dm flakey: fix a crash with invalid table line

A flaw was identified in the device-mapper “dm flakey” target in the Linux kernel where invalid table line input can lead to a NULL pointer dereference. Specifically, when dmsetup is used with a malformed table line such as with the corrupt_bio_byte target and the arg_name pointer is NULL, the kerne...

AI score 7.3 | EPSS 0.00195
Exploits: 0 | References: 5
RedHat Linux
added 2023/11/14 3:46 p.m. | 3 views

kernel: dm cache: free background tracker's queued work in btracker_destroy

A memory leak was found in the device-mapper cache target in the Linux kernel. The btracker_destroy function fails to free queued work items from the background tracker before destroying the slab cache. This triggers a BUG when kmemcacheshutdown finds objects still remaining...

AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 5
RedHat Linux
added 2023/11/14 3:46 p.m. | 1 views

kernel: A possible deadlock in dm_get_inactive_table in dm-ioctl.c leads to DoS

A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...

CVSS 4.4 | AI score 6.6 | EPSS 0.00223
Exploits: 0 | References: 5
RedHat Linux
added 2023/11/14 3:24 p.m. | 1 views

kernel: A possible deadlock in dm_get_inactive_table in dm-ioctl.c leads to DoS

A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...

CVSS 4.4 | AI score 6.6 | EPSS 0.00223
Exploits: 0 | References: 5
OSV
added 2023/11/13 9:15 p.m. | 8 views

PYSEC-2023-275

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

CVSS 7.5 | AI score 7.4 | EPSS 0.04055
Exploits: 3 | References: 2
Cvelist
added 2023/11/13 8:13 p.m. | 31 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

CVSS 7.5 | AI score 7.7 | EPSS 0.04055
Exploits: 3 | References: 2
OSV
added 2023/11/13 8:13 p.m. | 32 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

CVSS 7.5 | AI score 6.5 | EPSS 0.04055
Exploits: 3 | References: 4