58 matches found
CVE-2026-43192
In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dmputdevice when failing to get scsi dh name When commit fd81bc5cca8f "scsi: devicehandler: Return error pointer in scsidhattachedhandlername" added code to fail parsing the path if scsidhattachedhandlername...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nrrequests or...
EUVD-2021-2096
Malware in sbrugna...
EUVD-2019-0297
Malware in sbrugna...
DEBIAN-CVE-2022-49003
In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvmenshead list Walking the nvmenshead siblings list is protected by the head's srcu in nvmensheadsubmitbio but not nvmempathrevalidatepaths. Removing namespaces from the list also fails to synchroniz...
PT-2024-11866 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: The issue is related to the Linux kernel's NVMe component, specifically with the nvme mpath revalidate paths function in drivers/nvme/host/multipath.c and the nvme ns remove functi...
kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
A use-after-free flaw was found in ip6routempathnotify in the Linux kernel. This may lead to a crash...
kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
A use-after-free flaw was found in ip6routempathnotify in the Linux kernel. This may lead to a crash...
kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
A use-after-free flaw was found in ip6routempathnotify in the Linux kernel. This may lead to a crash...
CVE-2024-40942 wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of meshpreqqueue objects The hwmp code use objects of type meshpreqqueue, added to a list in ieee80211ifmesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface ...
SUSE-SU-2024:2205-1 Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005539 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event bsc1218259. - CVE-2024-26852: Fixed use-after-free in ip6routempathnotify...
CVE-2021-47498
In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nrrequests or...
SUSE CVE-2011-3654
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...
Type confusion
Overview In mpath before 0.8.4 a type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
CVE-2021-23438
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +4380 more potentially affected by CVE-2021-23438 via mpath (>=0.1.1 <=0.8.3)
mpath NPM version =0.1.1, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.3.5, =1.2.3, =0.2.0, =0.0.1, =0.1.3 and more Source cves: CVE-2021-23438 Source advisory: OSV:GHSA-P92X-R36W-9395...
Type confusion in mpath
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
GHSA-P92X-R36W-9395 Type confusion in mpath
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...
Prototype Pollution
mpath is vulnerable to prototype pollution. The vulnerability exists due to the condition ignoreProperties.indexOfpartsi !== -1 giving an incorrect return value when the input is an array...
CVE-2021-23438
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...