186 matches found
Namada-apps can Crash with Excessive Computation in Mempool Validation
Impact A malicious transaction may cause a crash in mempool validation. A transaction with authorization section containing 256 public keys or more with valid matching signatures triggers an integer overflow in signature verification that causes a the node to panic. Patches This issue has been...
PT-2025-30858
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was discovered in the raid10 subsystem within the Linux kernel. Specifically, when raid10 read request or raid10 write request registers a new request with the REQ NOWAIT...
SUSE CVE-2024-50119
In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifsiorequestpool' There's a issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 freelargekmalloc+0xac/0xe0 RIP: 0010:freelargekmalloc+0xac/0xe0 Call Trace: ? warn+0xea/0x330...
DEBIAN-CVE-2024-50119
In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifsiorequestpool' There's a issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 freelargekmalloc+0xac/0xe0 RIP: 0010:freelargekmalloc+0xac/0xe0 Call Trace: ? warn+0xea/0x330...
CVE-2024-39482 bcache: fix variable length array abuse in btree_iter
In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btreeiter btreeiter is used in two ways: either allocated on the stack with a fixed size MAXBSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the...
CVE-2021-47435
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...
CVE-2021-47435
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...
CVE-2021-47435
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...
DEBIAN-CVE-2021-47435
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...
UBUNTU-CVE-2021-47435
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...
CVE-2021-47435
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...
CVE-2021-47435 dm: fix mempool NULL pointer race when completing IO
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...
CVE-2021-47435
CVE-2021-47435 affects the Linux kernel device-mapper (dm) path, causing a crash via a NULL pointer dereference during IO completion. The issue stems from dm_io_dec_pending() calling end_io_acct() before the in-flight pending count is decremented, and a race if a DM table swap happens concurrentl...
CVE-2021-47435 dm: fix mempool NULL pointer race when completing IO
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dmiodecpending calls endioacct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...
CVE-2024-35979
In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1writerequest r1bio-bios is used to record new bios that will be issued to underlying disks, however, in raid1writerequest, r1bio-bios will set to the original bio temporarily...
Nervos CKB Permit load cell data from memory
Impact The faulty nodes will reject transactions which calls loadcelldata syscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation. Patches 0.35.2, 0.36.1, 0.37.1, 0.38.2...
GHSA-29C2-65RJ-H343 Nervos CKB Permit load cell data from memory
Impact The faulty nodes will reject transactions which calls loadcelldata syscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation. Patches 0.35.2, 0.36.1, 0.37.1, 0.38.2...
PT-2024-40018 · Ckb · Ckb
Name of the Vulnerable Software and Affected Versions: Ckb versions prior to 0.35.2 Ckb versions prior to 0.36.1 Ckb versions prior to 0.37.1 Ckb versions prior to 0.38.2 Description: The issue causes faulty nodes to reject transactions that call the load cell data syscall when the input cell is...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...