65 matches found
af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
...
CVE-2022-49406 block: Fix potential deadlock in blk_ia_range_sysfs_show()
In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock in blkiarangesysfsshow When being read, a sysfs attribute is already protected against removal with the kobject node active reference counter. As a result, in blkiarangesysfsshow, there is no need to...
nvme: tcp: avoid race between queue_lock lock and destroy
...
CVE-2024-47143 dma-debug: fix a possible deadlock on radix_lock
In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radixlock radixlock shouldn't be held while holding dmahashentryidx.lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rqlock: CPU0 CPU1 CPU2 dmafreeatt...
OESA-2024-2590 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect...
AZL-54642 CVE-2024-53100 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
AZL-54601 CVE-2024-53100 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
DEBIAN-CVE-2024-53100
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
CVE-2024-53100
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
CVE-2024-53100 nvme: tcp: avoid race between queue_lock lock and destroy
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
kernel: Bluetooth: af_bluetooth: Fix deadlock
A flaw was found in the Linux kernel’s Bluetooth subsystem, specifically within the afbluetooth module. The issue arises when attempting to perform a socklock on the .recvmsg method, leading to a deadlock situation. In this scenario, multiple tasks wait indefinitely for a resource, causing...
kernel: Bluetooth: af_bluetooth: Fix deadlock
A flaw was found in the Linux kernel’s Bluetooth subsystem, specifically within the afbluetooth module. The issue arises when attempting to perform a socklock on the .recvmsg method, leading to a deadlock situation. In this scenario, multiple tasks wait indefinitely for a resource, causing...
SUSE CVE-2024-42234
In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s often on flags when freeing, yet the flags shown are not bad: PGlocked had been set and cleared??, and...
SUSE CVE-2024-36972
In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect closed inflight sockets, and then if the socket has MSGOOB in...
AZL-48759 CVE-2024-36972 affecting package kernel for versions less than 6.6.64.2-9
In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect closed inflight sockets, and then if the socket has MSGOOB in...
DEBIAN-CVE-2024-36972
In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect closed inflight sockets, and then if the socket has MSGOOB in...
DEBIAN-CVE-2024-26886
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: afbluetooth: Fix deadlock Attemting to do socklock on .recvmsg may cause a deadlock as shown bellow, so instead of using socksock this uses skreceivequeue.lock on btsockioctl to avoid the UAF: INFO: task kworker/u9:1:1...
UBUNTU-CVE-2024-26886
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: afbluetooth: Fix deadlock Attemting to do socklock on .recvmsg may cause a deadlock as shown bellow, so instead of using socksock this uses skreceivequeue.lock on btsockioctl to avoid the UAF: INFO: task kworker/u9:1:1...
SUSE CVE-2023-52638
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by changing j1939sockslock to rwlock The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...
CVE-2024-26690
CVE-2024-26690 affects the Linux kernel stmmac driver: it fixes a race in 64-bit statistics counters by splitting u64_stats_sync into three groups and adding per-CPU stats to avoid mutual-exclusion issues across tx, NAPI, and interrupt contexts. The write side of u64_stats_sync must be serialized...