112 matches found
DEBIAN-CVE-2022-49549
In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when thresholdcreatebank fails In mcethresholdcreatedevice, if thresholdcreatebank fails, the previously allocated threshold banks array @bp will be leaked because the call to mcethresholdremovedevice...
AZL-68535 CVE-2022-49124 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1 An uncorrected error. 2 That err...
CVE-2022-49124
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1 An uncorrected error. 2 That err...
CVE-2022-49549
The CVE-2022-49549 entry concerns a Linux kernel memory-leak in the x86 MCE/AMD path: when threshold_create_bank() fails inside mce_threshold_create_device(), the previously allocated threshold banks array (bp) could be leaked because threshold_remove_device() only frees it if the bank creation s...
CVE-2022-49124
The CVE-2022-49124 entry concerns the Linux kernel x86 MCE workaround for an erratum in fast string copy instructions (REP; MOVS*). A rare kernel panic can occur when an uncorrected error is in the first cache line of a page and the kernel executes page_copy from the previous page, causing an MCE...
CVE-2024-50022
In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in daxsetmapping pgoff should be aligned using ALIGNDOWN instead of ALIGN. Otherwise, vmf-address not aligned to faultsize will be aligned to the next alignment, that can result in memory failure...
CVE-2024-50022
In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in daxsetmapping pgoff should be aligned using ALIGNDOWN instead of ALIGN. Otherwise, vmf-address not aligned to faultsize will be aligned to the next alignment, that can result in memory failure...
CVE-2024-50022
The CVE-2024-50022 issue affects the Linux kernel device-dax path. The root cause is pgoff alignment in dax_set_mapping() using ALIGN() instead of ALIGN_DOWN(), which can misalign vmf->address to fault_size and cause memory address errors. This was observed during page fault handling in dev_da...
CVE-2024-50022 device-dax: correct pgoff align in dax_set_mapping()
In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in daxsetmapping pgoff should be aligned using ALIGNDOWN instead of ALIGN. Otherwise, vmf-address not aligned to faultsize will be aligned to the next alignment, that can result in memory failure...
CVE-2024-50022 device-dax: correct pgoff align in dax_set_mapping()
In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in daxsetmapping pgoff should be aligned using ALIGNDOWN instead of ALIGN. Otherwise, vmf-address not aligned to faultsize will be aligned to the next alignment, that can result in memory failure...
kernel security update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
RLSA-2024:5101 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52451 kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52463 kernel: tracing: Restructure...
RHEL 8 : kernel (RHSA-2024:5101)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5101 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: Fix access beyond end...
ALSA-2024:5102 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52463 kernel: tracing: Restructure traceclockglobal to...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52451 kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52463 kernel: tracing: Restructure...
CVE-2024-42126 powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
In the Linux kernel, the following vulnerability has been resolved: powerpc: Avoid nmienter/nmiexit in real mode interrupt. nmienter/nmiexit touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling e.g. early HMI/MCE interrupt handler if percpu...
CVE-2024-42126 powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
In the Linux kernel, the following vulnerability has been resolved: powerpc: Avoid nmienter/nmiexit in real mode interrupt. nmienter/nmiexit touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling e.g. early HMI/MCE interrupt handler if percpu...
PT-2024-5043
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.11.0 LTS TinyMCE versions prior to 6.8.4 TinyMCE versions prior to 7.2.0 Description: A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable regexp...
SUSE CVE-2021-47429
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI The machine check handler is not considered NMI on 64s. The early handler is the true NMI handler, and then it schedules the machinecheckexception handler to run...
CVE-2021-47429
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI The machine check handler is not considered NMI on 64s. The early handler is the true NMI handler, and then it schedules the machinecheckexception handler to run...