CVE-2024-35895 bpf, sockmap: Prevent lock inversion deadlock in map delete elem

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any...

CVE-2024-35895

The CVE-2024-35895 vulnerability affects the Linux kernel, specifically the BPF sockmap/sockhash path. A deadlock could occur when map_delete_elem is invoked from a context where interrupts are disabled; the fix adds a hardirq-safety check to bail out if map_delete_elem runs in a non-hardirq-unsa...

CVE-2024-35860 bpf: support deferring bpf_link dealloc to after RCU grace period

In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpflink dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and...

CVE-2024-35860 bpf: support deferring bpf_link dealloc to after RCU grace period

In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpflink dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and...

indianaladin.com Cross Site Scripting vulnerability OBB-3928586

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

krihm.org Cross Site Scripting vulnerability OBB-3928547

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-27431

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP...

CVE-2024-27431

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP...

DEBIAN-CVE-2024-27431

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP...

CVE-2024-27431

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP...

CVE-2024-27431 cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP...

CVE-2024-27431

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP...

CVE-2024-27431 cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP...

CVE-2024-27431

Technical details (affected products, impact, exploit info, and remediation specifics) are not publicly provided in the supplied documents. Monitor for official updates and vendor advisories for CVE-2024-27431.

CVE-2024-27431 cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the lack of zero-initialization of the xdprxqinfo structure before running the XDP program...

CVE-2024-21843

Uncontrolled search path for some IntelR Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-21843

Uncontrolled search path for some IntelR Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-21843

Uncontrolled search path for some IntelR Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-21843

The CVE-2024-21843 entry concerns Intel® Computing Improvement Program software with an uncontrolled search path vulnerability prior to version 2.4.0.10654 that could allow a locally authenticated user to escalate privileges. Affected product: Intel® Computing Improvement Program (before 2.4.0.10...