3095 matches found

BDU FSTEC
added 2024/11/14 12:0 a.m. | 1 views

The vulnerability in the `libavfilter/avf_showspectrum.c` component of the FFmpeg multimedia library, related to a single shift error, allows attackers to trigger a service failure.

The vulnerability of the `libavfilter/avf_showspectrum.c` component in the FFmpeg multimedia library is related to a single-precision offset error. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 5.3 | AI score 6.5 | EPSS 0.00279
Exploits 0 | References 9 | Affected Software 3
RedHat Linux
added 2024/11/12 9:11 a.m. | 2 views

kernel: Linux kernel: ACPICA undefined behavior due to zero offset to null pointer

A flaw was found in ACPICA in the Linux kernel. This vulnerability allows for a denial of service via a null pointer dereference...

CVSS 5.5 | AI score 7.2 | EPSS 0.00147
Exploits 0 | References 5
RedHat Linux
added 2024/11/12 9:11 a.m. | 18 views

kernel: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

A vulnerability has been identified in the Linux kernel's Berkeley Packet Filter (BPF) subsystem. The flaw resides within the handling of PTR_TO_FLOW_KEYS (pointer to flow keys) in the check_flow_keys_access() function. Specifically, while fixed offsets are validated for PTR_TO_FLOW_KEYS, the system currently...

CVSS 7.8 | AI score 6.6 | EPSS 0.00239
Exploits 0 | References 5
RedHat Linux
added 2024/11/12 9:11 a.m. | 2 views

kernel: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as an irq function, and the 'void *' was changed to a struct...

CVSS 5.5 | AI score 6.8 | EPSS 0.00208
Exploits 0 | References 5
RedHat Linux
added 2024/11/12 9:11 a.m. | 2 views

kernel: maple_tree: fix mas_empty_area_rev() null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null...

CVSS 5.5 | AI score 6.5 | EPSS 0.00227
Exploits 0 | References 4
RedHat Linux
added 2024/11/12 9:11 a.m. | 3 views

kernel: netfilter: flowtable: incorrect pppoe tuple

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...

CVSS 5.5 | AI score 6.4 | EPSS 0.00228
Exploits 0 | References 5
RedHat Linux
added 2024/11/12 9:11 a.m. | 4 views

kernel: soundwire: cadence: fix invalid PDI offset

In Linux kernel soundwire, an offset is added to the PDI, which leads to an out-of-bounds error...

CVSS 7.1 | AI score 7.3 | EPSS 0.00234
Exploits 0 | References 5
OSV
added 2024/11/09 11:15 a.m. | 3 views

AZL-53277 CVE-2024-50251 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter...

CVSS 6.2 | AI score 6.3 | EPSS 0.00529
Exploits 1 | References 1
OSV
added 2024/11/09 11:15 a.m. | 4 views

AZL-53328 CVE-2024-50251 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter...

CVSS 6.2 | AI score 6.3 | EPSS 0.00529
Exploits 1 | References 1
Cvelist
added 2024/11/09 10:14 a.m. | 23 views

CVE-2024-50251 netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter...

EPSS 0.00529
Exploits 1 | References 8
Debian CVE
added 2024/11/09 10:14 a.m. | 11 views

CVE-2024-50251

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter...

CVSS 6.2 | AI score 5.7 | EPSS 0.00529
Exploits 1
Microsoft CVE
added 2024/11/09 8:0 a.m. | 4 views

device-dax: correct pgoff align in dax_set_mapping()

...

CVSS 5.5 | AI score 7 | EPSS 0.00267
Exploits 0
CNNVD
added 2024/11/09 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of an offset and length cleanup issue prior to a skb_checksum function call...

CVSS 6.2 | AI score 6.6 | EPSS 0.00529
Exploits 1 | References 8
Cvelist
added 2024/11/04 10:4 a.m. | 15 views

CVE-2024-23377 Use of Out-of-range Pointer Offset in ComputerVision

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver...

CVSS 6.7 | EPSS 0.00103
Exploits 0 | References 1
SUSE CVE
added 2024/10/25 3:7 a.m. | 2 views

SUSE CVE-2024-49873

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: fix filemap_get_folios_contig THP panic Patch series "memfd-pin huge page fixes". Fix multiple bugs that occur when using memfd_pin_folios with hugetlb pages and THP. The hugetlb bugs only bite when the page is not yet...

CVSS 5.5 | AI score 7.6 | EPSS 0.002
Exploits 0 | References 5
OSV
added 2024/10/21 6:15 p.m. | 4 views

DEBIAN-CVE-2024-49873

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: fix filemap_get_folios_contig THP panic Patch series "memfd-pin huge page fixes". Fix multiple bugs that occur when using memfd_pin_folios with hugetlb pages and THP. The hugetlb bugs only bite when the page is not yet...

CVSS 5.5 | AI score 5.4 | EPSS 0.002
Exploits 0 | References 1
OSV
added 2024/10/21 6:15 p.m. | 0 views

UBUNTU-CVE-2024-49996

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function...

CVSS 7.8 | AI score 6.4 | EPSS 0.00333
Exploits 0 | References 44
CVE
added 2024/10/21 6:2 p.m. | 112 views

CVE-2024-49947

CVE-2024-49947 affects the Linux kernel net stack, specifically a vulnerability in virtio_net_hdr_to_skb() where an incorrectly set skb->csum_start could place the transport header before or after the network header when processing injected packets via af_packet. Syzbot-triggered warnings show...

CVSS 5.5 | AI score 6.7 | EPSS 0.00234
Exploits 0 | References 4 | Affected Software 1
Microsoft CVE
added 2024/10/14 12:0 a.m. | 2 views

CVE-2024-44966

...

CVSS 5.5 | AI score 6.6 | EPSS 0.0021
Exploits 0
Tenable Nessus
added 2024/10/13 12:0 a.m. | 13 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-43897)

"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43897 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csum_start and offset ...

CVSS 5.5 | AI score 6 | EPSS 0.00212
Exploits 0 | References 2