CVE-2022-48675 IB/core: Fix a nested dead lock as part of ODP flow

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmputasync. From the below call trace 1 can see that calling mmput once we have the umemodp-umemmutex locked as required by...

CVE-2022-48675 IB/core: Fix a nested dead lock as part of ODP flow

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmputasync. From the below call trace 1 can see that calling mmput once we have the umemodp-umemmutex locked as required by...

CVE-2022-48675

CVE-2022-48675 is a Linux kernel issue in IB/core involving a nested deadlock between exiting mmap (exit_mmap/__mmu_notifier_release) and a mutex held during ib_umem_odp_map_dma_and_lock. The root cause is a potential deadlock when mmput() is called while umem_mutex is held, triggering a lock in ...

CVE-2022-48675

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmputasync. From the below call trace 1 can see that calling mmput once we have the umemodp-umemmutex locked as required by...

SUSE CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

USN-6760-1 gerbv vulnerability

George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of servic...

CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

DEBIAN-CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

kernel: KVM: nSVM: Check instead of asserting on nested TSC scaling support

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1's MSRAMD64TSCRATIO has diverged from KVM's...

kernel: Linux kernel KVM: Denial of Service in nested SVM due to TSC multiplier manipulation

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM nested SVM nSVM module. A local attacker with low privileges in a nested virtual machine can manipulate the Timestamp Counter TSC multiplier and CPUID features. This manipulation can trigger a kernel warning, leading to a...

sqlparse 安全漏洞

sqlparse is Python's non-validating SQL parser. It provides support for parsing, splitting, and formatting SQL statements. A security vulnerability exists in sqlparse that stems from an application passing a nested list to sqlparse.parse, resulting in a denial of service...

Prototype Pollution

Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...

Conform contains a Prototype Pollution Vulnerability in `parseWith...` function

Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...

CVE-2024-32866

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

CVE-2024-32866

CVE-2024-32866 concerns Conform, a type-safe form validation library. The issue enables prototype pollution through parsing of nested objects (object.property) in parseWith… functions due to an improper implementation in versions prior to 1.1.1. This affects server-side validation of form data or...

CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

PT-2024-24921 · Conform · Conform

Name of the Vulnerable Software and Affected Versions: Conform versions prior to 1.1.1 Description: Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to...

SUSE CVE-2024-26855

In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in icebridgesetlink The function icebridgesetlink may encounter a NULL pointer dereference if nlmsgfindattr returns NULL and brspec is dereferenced subsequently in nlaforeachnested...