191 matches found
DEBIAN-CVE-2024-35800
In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if getnextvariable is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF firmware...
CVE-2024-26942 net: phy: qcom: at803x: fix kernel panic with at8031_probe
In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually...
CVE-2024-26942 net: phy: qcom: at803x: fix kernel panic with at8031_probe
In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually...
perf: RISCV: Fix panic on pmu overflow handler
...
CVE-2024-26868
In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4fflayoutprepareds fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...
CVE-2024-26902 perf: RISCV: Fix panic on pmu overflow handler
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler 1 idx of int is not desired when setting bits in unsigned long overflowedctrs, use BIT instead. This panic happens when running 'perf record -e branches' on sophgo sg2042. 273.311852...
CVE-2024-26868
In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4fflayoutprepareds fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...
SUSE CVE-2024-26640
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to canmapfrag these additional checks: - Page must not be a compound one....
CVE-2024-26640 tcp: add sanity checks to rx zerocopy
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to canmapfrag these additional checks: - Page must not be a compound one....
UBUNTU-CVE-2021-47134
In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setuparch would invoke efiinit-efigetfdtparams. If no valid fdt found then initialbootparams will be null. So we should stop further fdt processing here. I encountered this issue on risc...
DEBIAN-CVE-2023-52476
In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted NMI for perf sampling, this call sequence can occur most recent at top:...
CVE-2021-46999
In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctpsfdodupcooka There's a panic that occurs in a few of envs, the call trace is as below: general protection fault, ... 0x29acd70f1000a: 0000 1 SMP PTI RIP:...
UBUNTU-CVE-2021-46936
In the Linux kernel, the following vulnerability has been resolved: net: fix use-after-free in twtimerhandler A real world panic issue was found as follow in Linux 5.4. BUG: unable to handle page fault for address: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0...
CVE-2024-23650 BuildKit possible panic when incorrect parameters sent from frontend
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
kernel: ptdma: pt_core_execute_cmd() should use spinlock
In the Linux kernel, the following vulnerability has been resolved: ptdma: ptcoreexecutecmd should use spinlock The interrupt handler ptcoreirqhandler of the ptdma driver can be called from interrupt context. The code flow in this function can lead down to ptcoreexecutecmd which will attempt to...
CVE-2023-42805 quinn-proto Denial of Service vulnerability
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
SUSE-SU-2023:0271-1 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122127 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-3565: Fixed use-after-free in...
CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...
GSD-2022-1008309 net: gso: fix panic on frag_list with mixed head alloc types
net: gso: fix panic on fraglist with mixed head alloc types This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.300 by commit...
GSD-2022-1008250 net: gso: fix panic on frag_list with mixed head alloc types
net: gso: fix panic on fraglist with mixed head alloc types This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...