1252 matches found
CVE-2022-49030 libbpf: Handle size overflow for ringbuf mmap
In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64 host, so 2 maxentries will overflow u32 when mapping producer page and data pages. Only casting maxentries to sizet is not enough, because...
CVE-2022-49030
The CVE-2022-49030 issue affects the Linux kernel component libbpf, specifically a size overflow in ringbuf mmap when mapping producer and data pages. The root cause is an overflow of the 32-bit read/write region size (max 2GB ringbuf on x86-64) due to computing 2 * max_entries, which can overflo...
CVE-2022-49030 libbpf: Handle size overflow for ringbuf mmap
In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64 host, so 2 maxentries will overflow u32 when mapping producer page and data pages. Only casting maxentries to sizet is not enough, because...
AZL-50713 CVE-2024-47745 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check. And if the process has called personalityREADIMPLIESEXEC before and...
DEBIAN-CVE-2024-47745
In the Linux kernel, the following vulnerability has been resolved: mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check. And if the process has called personalityREADIMPLIESEXEC before and...
AZL-50975 CVE-2024-47745 affecting package kernel for versions less than 6.6.56.1-5
In the Linux kernel, the following vulnerability has been resolved: mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check. And if the process has called personalityREADIMPLIESEXEC before and...
UBUNTU-CVE-2024-47745
In the Linux kernel, the following vulnerability has been resolved: mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check. And if the process has called personalityREADIMPLIESEXEC before and...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of a size overflow in the libbpf's ringbuf mmap operation, which could affect mmap...
UBUNTU-CVE-2024-47674
In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw...
CVE-2024-46838
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: don't BUGON if khugepaged yanks our page table Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUGONs are wrong - get rid of them. We could also remo...
DEBIAN-CVE-2024-46741
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning: drivers/misc/fastrpc.c:1926 fastrpcreqmmap error: double free of 'buf' In fastrpcreqmmap error path, the fastrpc buffer is freed in fastrpcreqmunmapimpl if unm...
kernel: userfaultfd: fix a race between writeprotect and exit_mmap()
A possible race condition flaw was found in the Linux kernel. When a process exits, its virtual memory areas VMAs are removed by exitmmap, and at the same time, userfaultfdwriteprotect is called...
CVE-2024-44947
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fusenotifystore, unlike fusedoreadpage, does not enable page zeroing because it can be used to change partial page contents. So fusenotifystore must be more carefu...
SUSE CVE-2024-44947
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fusenotifystore, unlike fusedoreadpage, does not enable page zeroing because it can be used to change partial page contents. So fusenotifystore must be more carefu...
CVE-2024-44947
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fusenotifystore, unlike fusedoreadpage, does not enable page zeroing because it can be used to change partial page contents. So fusenotifystore must be more carefu...
AZL-49307 CVE-2024-44947 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fusenotifystore, unlike fusedoreadpage, does not enable page zeroing because it can be used to change partial page contents. So fusenotifystore must be more carefu...
AZL-49296 CVE-2024-44947 affecting package kernel for versions less than 6.6.51.1-1
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fusenotifystore, unlike fusedoreadpage, does not enable page zeroing because it can be used to change partial page contents. So fusenotifystore must be more carefu...
UBUNTU-CVE-2024-44947
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fusenotifystore, unlike fusedoreadpage, does not enable page zeroing because it can be used to change partial page contents. So fusenotifystore must be more carefu...
CVE-2024-44947
CVE-2024-44947 is a Linux kernel information-leak vulnerability in the fuse subsystem. The issue arises from fuse_notify_store() not enabling page zeroing like fuse_do_readpage(), causing beyond-EOF page contents to remain uninitialized and potentially be exposed to userspace via mmap when init-o...
CLSA-2024-1725187614 kernel: Fix of 11 CVEs
drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36960 - afunix: Fix garbage collector racing against connect CVE-2024-26923 - ipv6: remove maxsize check inline with ipv4 CVE-2023-52340 - aoe: fix the potential use-after-free problem in aoecmdcfgpkts CVE-2023-6270 - smb: client:...