CLSA-2024-1733483766 Fix of 9 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-49992 - drm: remove all control node code - drm: add managed resources tied to drmdevice - drm: Set finalkfree in drmdevalloc - drm/plane: add drmmuniversalplanealloc - drm: Handle dev-unique with drmm - drm: Use drmm for drmdevinit cleanup - drm:...

kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc in amdpstateeppcpuinit is not freed in the analogous exit function, so fix that. rjw: Subject and changelog edits...

kernel: pstore/ram: Fix crash when setting number of cpus to an odd number

A vulnerability was found in the pstore/ram component of the Linux kernel, which caused crashes when the number of CPU cores was set to an odd number. This issue occurs because the odd-numbered zones became misaligned. This flaw allows a local, authenticated attacker to cause a denial of service...

kernel: pstore/ram: Fix crash when setting number of cpus to an odd number

A vulnerability was found in the pstore/ram component of the Linux kernel, which caused crashes when the number of CPU cores was set to an odd number. This issue occurs because the odd-numbered zones became misaligned. This flaw allows a local, authenticated attacker to cause a denial of service...

kernel: x86/mm: Randomize per-cpu entry area

A possible unauthorized memory access flaw was found in the Linux kernel cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. This issue could allow a local user to gain access to some important data with expected locatio...

K000148833: Intel Processor (SPP) vulnerabilities CVE-2024-36242 and CVE-2024-38660

Security Advisory Description CVE-2024-36242 Protection mechanism failure in the SPP for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2024-38660 Protection mechanism failure in the SPP for some IntelR XeonR processor...

gRPC: hpack table accounting errors can lead to denial of service

A flaw was found in the gRPC lib. This vulnerability allows hpack table accounting errors that could lead to unwanted disconnects between clients and servers in exceptional cases. This issue leads to Unbounded memory buffering in the HPACK parser and Unbounded CPU consumption in the HPACK parser...

The vulnerability of the Ethernet connection extension module of Mitsubishi Electric India GC-ENET-COM, related to the improper operation of the signal processor, allows a perpetrator to trigger a service failure.

The vulnerability of the Mitsubishi Electric India GC-ENET-COM Ethernet connection device is related to improper operation of the signal processor. Exploiting this vulnerability allows attackers to send specially crafted packets and trigger service failures...

The vulnerability of the Flow-X gas consumption controller and processor web service allows a intruder to access confidential information.

The vulnerability of the Flow-X gas consumption controller web service is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...

CVE-2024-39890

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length specified by the CC Call...

PT-2024-28712 · Samsung · Samsung Exynos Modem +2

Name of the Vulnerable Software and Affected Versions: Samsung Exynos versions 980 through 9825 Samsung Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110 Samsung Exynos Modem versions 5123, 5300 Samsung Exynos Wearable Processor versions W920, W930, W1000 Description:...

Samsung Mobile Processor 安全漏洞

SAMSUNG Mobile Processor is a family of mobile processors from the South Korean company Samsung SAMSUNG. A security vulnerability exists in Samsung Mobile Processor that originates from the baseband software not properly checking the length of the CC designation, which can lead to out-of-bounds...

CVE-2024-39343

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM Mobility Management module, which can lead to Denial of Servic...

The vulnerability of Intel Xeon processor microprogramming software, related to the implementation of incorrect control flow, allows a hacker to trigger a service failure.

The vulnerability of Intel Xeon processor microprogramming software is related to the implementation of incorrect control flow. Exploiting this vulnerability can allow an attacker to cause a service failure...

SAMSUNG Mobile Processor 安全漏洞

SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor, which results in a denial of service due to the baseband software not properly checking the length specified by the MM module...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated. A security vulnerability exists in Qualcomm Chipsets, which arises when a PAL client calls the PAL service API and passes a random value as a handle, which is not validated by the service, potentially resulting in invalid memo...

ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), be.mogo.generator:mogo-generator-model (=1.0.0.RELEASE) +438 more potentially affected by CVE-2024-49203 via com.querydsl:querydsl-apt (>=4.0.0 <=5.1.0)

com.querydsl:querydsl-apt MAVEN version =4.0.0, =cloud-0.1, =1.0.2.RELEASE, =1.0.0.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.2.7.RELEASE, =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =2.0.1, =1.0.1, =1.0.1, =1.0.1, =2.1.18 and more Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...

Security update for xen

This update for xen fixes the following issues: Security issues fixed: CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling bsc1232622 CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables bsc1232624 CVE-2024-45817: xen: x86: Deadlock in vlapicerror bsc1230366 Non-security...

Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20241112 release bsc1233313 CVE-2024-21853: Faulty finite state machines FSMs in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enabl...

SUSE-SU-2024:4053-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20241112 release bsc1233313 - CVE-2024-21853: Faulty finite state machines FSMs in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially...