WordPress plugin Leopard - WordPress offload media 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

SUSE CVE-2024-43844

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb-end. Therefore, we fix it. skbuff: skboverpanic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780...

UBUNTU-CVE-2024-43844

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb-end. Therefore, we fix it. skbuff: skboverpanic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780...

CVE-2024-43844 wifi: rtw89: wow: fix GTK offload H2C skbuff issue

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb-end. Therefore, we fix it. skbuff: skboverpanic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780...

CVE-2024-43844 wifi: rtw89: wow: fix GTK offload H2C skbuff issue

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb-end. Therefore, we fix it. skbuff: skboverpanic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780...

CVE-2024-43844

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb-end. Therefore, we fix it. skbuff: skboverpanic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780...

kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flowoffloadadd fails, error path...

kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flowoffloadadd fails, error path...

WordPress Leopard - WordPress offload media Plugin <= 2.0.36 is vulnerable to Sensitive Data Exposure

Software Leopard - WordPress offload media Type Plugin Vulnerable versions = 2.0.36 Fixed in 3.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43257 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID abc75d6c856e Credits Da...

WordPress Leopard - WordPress offload media Plugin <= 2.0.36 is vulnerable to Settings Change

Software Leopard - WordPress offload media Type Plugin Vulnerable versions = 2.0.36 Fixed in 3.1.2 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43256 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4b11a3c864a0 Credits Dave Jong...

kernel: net: bridge: switchdev: Skip MDB replays of deferred events on offload

A flaw was found in the Linux kernel. A race condition in network bridge management could lead to a denial of service...

kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs

In the Linux kernel, the following vulnerability has been resolved: net: core: reject skbcopyexpand for fraglist GSO skbs SKBGSOFRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skbcopy or skbcopyexpand, in order to prevent a crash on a...

kernel: net/sched: flower: Fix chain template offload

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload The Linux kernel CVE team has assigned CVE-2024-26669 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040237-CVE-2024-26669-ca3c@gregkh/T...

kernel: wifi: ath11k: fix gtk offload status event locking

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11kmacgetarvifbyvdevid was not marked as a read-side critical section. Mark...

kernel: nsh: Restore skb-&gt;{protocol,data,mac_header} for outer header in nsh_gso_segment().

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb-protocol,data,macheader for outer header in nshgsosegment. syzbot triggered various splats see 0 and links by a crafted GSO packet of VIRTIONETHDRGSOUDP layering the following protocols: ETHP8021AD + ETHPNSH +...

kernel: wifi: ath11k: fix gtk offload status event locking

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11kmacgetarvifbyvdevid was not marked as a read-side critical section. Mark...

kernel: net: bridge: switchdev: Skip MDB replays of deferred events on offload

A flaw was found in the Linux kernel. A race condition in network bridge management could lead to a denial of service...

kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs

In the Linux kernel, the following vulnerability has been resolved: net: core: reject skbcopyexpand for fraglist GSO skbs SKBGSOFRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skbcopy or skbcopyexpand, in order to prevent a crash on a...

kernel: net/sched: flower: Fix chain template offload

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload The Linux kernel CVE team has assigned CVE-2024-26669 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040237-CVE-2024-26669-ca3c@gregkh/T...

kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs

In the Linux kernel, the following vulnerability has been resolved: net: core: reject skbcopyexpand for fraglist GSO skbs SKBGSOFRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skbcopy or skbcopyexpand, in order to prevent a crash on a...