17 matches found
CVE-2024-53232
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug iommugroupsetdomainnofail attaching the default domain fails when the platform no...
CVE-2024-53232
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug iommugroupsetdomainnofail attaching the default domain fails when the platform no...
CVE-2024-53232
CVE-2024-53232 refers to a Linux kernel vulnerability in the IOMMU code for s390, where during surprise hot-unplug of a PCI device, attaching the default domain could fail and lead to a NULL domain pointer and a use-after-free. The fix introduces a blocking domain to handle devices that were alre...
CVE-2024-53232 iommu/s390: Implement blocking domain
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug iommugroupsetdomainnofail attaching the default domain fails when the platform no...
kernel: iommu/vt-d: Fix NULL domain on device release
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release The Linux kernel CVE team has assigned CVE-2024-27079 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050134-CVE-2024-27079-f478@gregkh/T...
CVE-2024-27079
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferredattach mode. In this mode, info-domain may not yet be assigned by the time the releasedevice function is called. It leads to the...
DEBIAN-CVE-2024-27079
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferredattach mode. In this mode, info-domain may not yet be assigned by the time the releasedevice function is called. It leads to the...
CVE-2024-27079
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferredattach mode. In this mode, info-domain may not yet be assigned by the time the releasedevice function is called. It leads to the...
CVE-2024-27079
CVE-2024-27079 affects the Linux kernel IAMMU VT-d code. Systems with kdump/crash kernel may crash due to NULL domain on device release in deferred_attach mode, triggering a NULL pointer dereference during device removal. The mitigated path uses the release_domain mechanism to clear the scalable ...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from always enabling clk in mtkiommuruntimeresume, even if m4udom is null...
SUSE CVE-2009-2730
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...
safari10跨域漏洞
safari 10的XMLHttpRequest在null域下可以随意发起跨域请求和设置httpheader 我交到苹果的bugreport,并给apple发邮件后,他们自己悄悄把漏洞修了,连个邮件都没给我发,所以我决定公开poc 这是我在漏洞未修复前截的图: 这个漏洞可以造成同源策略绕过,随便跨域,这是我写的获取gmail数据的代码: html var serveraddress = 'http://127.0.0.1:8000/static/csrfWcn6h/' function deleteSelf let test = document.getElementById'test'...
Design/Logic Flaw
Mozilla Firefox allows for cookies to be set with a null domain aka "domainless cookies", which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window...
CVE-2007-3827
Mozilla Firefox allows for cookies to be set with a null domain aka "domainless cookies", which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window...
CVE-2007-3827
Mozilla Firefox allows for cookies to be set with a null domain aka "domainless cookies", which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window...
CVE-2007-3827
Mozilla Firefox allows for cookies to be set with a null domain aka "domainless cookies", which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window...
CVE-2007-3827
Mozilla Firefox is affected by CVE-2007-3827: cookies can be set with a null domain (domainless cookies), enabling information to pass between arbitrary domains and potential user tracking via document.cookie in javascript:. window. The vulnerability stems from how cookies are handled with a null...