kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the...

The vulnerability of the perf/x86/intel/pt components in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the perf/x86/intel/pt components in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

DEBIAN-CVE-2024-5660

Use of Hardware Page Aggregation HPA and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass o...

CVE-2024-5660

Use of Hardware Page Aggregation HPA and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass o...

PT-2024-10062 · Amd +1 · Sev +2

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified Description: The issue is related to a security flaw in AMD's Secure Encrypted Virtualization SEV that allows attackers to bypass SEV protections and access encrypted memory regions. Th...

CLSA-2024-1733483766 Fix of 9 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-49992 - drm: remove all control node code - drm: add managed resources tied to drmdevice - drm: Set finalkfree in drmdevalloc - drm/plane: add drmmuniversalplanealloc - drm: Handle dev-unique with drmm - drm: Use drmm for drmdevinit cleanup - drm:...

kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc in amdpstateeppcpuinit is not freed in the analogous exit function, so fix that. rjw: Subject and changelog edits...

kernel: pstore/ram: Fix crash when setting number of cpus to an odd number

A vulnerability was found in the pstore/ram component of the Linux kernel, which caused crashes when the number of CPU cores was set to an odd number. This issue occurs because the odd-numbered zones became misaligned. This flaw allows a local, authenticated attacker to cause a denial of service...

kernel: pstore/ram: Fix crash when setting number of cpus to an odd number

A vulnerability was found in the pstore/ram component of the Linux kernel, which caused crashes when the number of CPU cores was set to an odd number. This issue occurs because the odd-numbered zones became misaligned. This flaw allows a local, authenticated attacker to cause a denial of service...

kernel: x86/mm: Randomize per-cpu entry area

A possible unauthorized memory access flaw was found in the Linux kernel cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. This issue could allow a local user to gain access to some important data with expected locatio...

K000148833: Intel Processor (SPP) vulnerabilities CVE-2024-36242 and CVE-2024-38660

Security Advisory Description CVE-2024-36242 Protection mechanism failure in the SPP for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2024-38660 Protection mechanism failure in the SPP for some IntelR XeonR processor...

gRPC: hpack table accounting errors can lead to denial of service

A flaw was found in the gRPC lib. This vulnerability allows hpack table accounting errors that could lead to unwanted disconnects between clients and servers in exceptional cases. This issue leads to Unbounded memory buffering in the HPACK parser and Unbounded CPU consumption in the HPACK parser...

The vulnerability of the Ethernet connection extension module of Mitsubishi Electric India GC-ENET-COM, related to the improper operation of the signal processor, allows a perpetrator to trigger a service failure.

The vulnerability of the Mitsubishi Electric India GC-ENET-COM Ethernet connection device is related to improper operation of the signal processor. Exploiting this vulnerability allows attackers to send specially crafted packets and trigger service failures...

The vulnerability of the Flow-X gas consumption controller and processor web service allows a intruder to access confidential information.

The vulnerability of the Flow-X gas consumption controller web service is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...

CVE-2024-39890

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length specified by the CC Call...

PT-2024-28712 · Samsung · Samsung Exynos Modem +2

Name of the Vulnerable Software and Affected Versions: Samsung Exynos versions 980 through 9825 Samsung Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110 Samsung Exynos Modem versions 5123, 5300 Samsung Exynos Wearable Processor versions W920, W930, W1000 Description:...

Samsung Mobile Processor 安全漏洞

SAMSUNG Mobile Processor is a family of mobile processors from the South Korean company Samsung SAMSUNG. A security vulnerability exists in Samsung Mobile Processor that originates from the baseband software not properly checking the length of the CC designation, which can lead to out-of-bounds...

SAMSUNG Mobile Processor 安全漏洞

SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor, which results in a denial of service due to the baseband software not properly checking the length specified by the MM module...

CVE-2024-39343

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM Mobility Management module, which can lead to Denial of Servic...

The vulnerability of Intel Xeon processor microprogramming software, related to the implementation of incorrect control flow, allows a hacker to trigger a service failure.

The vulnerability of Intel Xeon processor microprogramming software is related to the implementation of incorrect control flow. Exploiting this vulnerability can allow an attacker to cause a service failure...