CVE-2024-2689
Summary: CVE-2024-2689 is a Temporal Server DoS affecting versions prior to 1.20.5, 1.21.6 and 1.22.7 where an authenticated user with workflow permissions can submit an invalid UTF-8 string to trigger a crashloop, causing queue lag and eventual resource exhaustion. The logs may reveal the failing workflo...
CVE-2024-2689 Denial of Service if invalid UTF-8 sent
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
DEBIAN-CVE-2024-26743
In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case that qedr_init_user_queue fail. ----------- cut here ----------- WARNING: CPU: 0 PID: 143192 at...
CVE-2024-26743 RDMA/qedr: Fix qedr_create_user_qp error flow
In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case that qedr_init_user_queue fail. ----------- cut here ----------- WARNING: CPU: 0 PID: 143192 at...
CVE-2024-26690
CVE-2024-26690 affects the Linux kernel stmmac driver: it fixes a race in 64-bit statistics counters by splitting u64_stats_sync into three groups and adding per-CPU stats to avoid mutual-exclusion issues across tx, NAPI, and interrupt contexts. The write side of u64_stats_sync must be serialized...
CVE-2024-26690 net: stmmac: protect updates of 64-bit statistics counters
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in , write side of struct u64_stats_sync must ensure mutual exclusion, or one seqcount update could be lost on 32-bit platforms, thus blocking...
PT-2024-21470 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A DoS tool that injects loads of authentication frames can cause the AP to crash. The iwl_mvm_is_dup function couldn't find the per-queue dup data which was not allocated. The root cau...
bind9: Specific recursive query patterns may lead to an out-of-memory condition
A flaw was found in the named application, part of the bind9 package, which uses a cache database to speed up DNS queries. To maintain its efficiency when running as a recursive name resolver, named performs a cache database cleanup under certain conditions. This issue may allow an attacker to...
PT-2024-26767 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a null pointer dereference in the aio_complete function. Specifically, list_del_init_careful needs to be the last access to the wait queue entry, as it...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git
Summary go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2017-11468 DESCRIPTION: Docker...
SUSE CVE-2021-47150
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init If the memory allocated for cbd_base is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues...
RT-Thread Security Vulnerability
RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. A security vulnerability exists in RT-Thread version 5.0.2, which stems from a stack-based buffer overflow in libc/posix/ipc/mqueue.c. The vulnerability is caused by the presence of a stack-based buffer...
CVE-2021-47178
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible 00000000 code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when...
CVE-2021-47178 scsi: target: core: Avoid smp_processor_id() in preemptible code
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible 00000000 code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when...
CVE-2021-47178
CVE-2021-47178 : Linux kernel vulnerability where smp_processor_id() was used in preemptible SCSI host work paths (target_core/tcm_loop), triggering a BUG: using smp_processor_id() in preemptible code on TCMU devices configured with DEBUG_PREEMPT. The symptom occurred during blktests (block/005) ...
CVE-2021-47163
In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done On some host, a crash could be triggered simply by repeating these commands several times: modprobe tipc tipc bearer enable media udp name UDP1 localip 127.0.0.1 rmmod tipc BUG:...
UBUNTU-CVE-2021-47150
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init If the memory allocated for cbd_base is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues...