CVE-2023-41442

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component...

pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory

Impact A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server...

kernel: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidhalua: Fix memleak for 'qdata' in aluaactivate If aluartpgqueue failed from aluaactivate, then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 size 32: comm...

kernel: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags

A flaw was found in the nvme module in the Linux kernel. A NULL pointer dereference can be triggered due to improper error management when the blkmqinitqueue function fails to set up the queue, resulting in a denial of service...

kernel: mlx5: fix possible ptp queue fifo use-after-free

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARNONONCE...

kernel: ice: xsk: disable txq irq before flushing hw

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: disable txq irq before flushing hw iceqpdis intends to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps is to disable interrupts on these queues. It currently is broken in a way that...

kernel: ice: xsk: prohibit usage of non-balanced queue id

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket in txonly mode at a queue id...

Description of the security update for Microsoft Exchange Server 2016: November 14, 2023 (KB5032147)

Description of the security update for Microsoft Exchange Server 2016: November 14, 2023 KB5032147 Notice See also KB 5032146 for additional information about issues that are fixed in this security update. This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn...

cups security and bug fix update

1:2.3.3op2-21 - bump the spec because the previous build was made with buildroot 9.2 1:2.3.3op2-20 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation 1:2.3.3op2-19 - CVE-2023-34241 cups: use-after-free in cupsdAcceptClient in scheduler/client.c - CVE-2023-32324 cups: heap...

kernel: mlx5: fix possible ptp queue fifo use-after-free

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARNONONCE...

kernel: null_blk: Always check queue mode setting from configfs

A missing validation flaw was found in the Linux kernel nullblk driver's configuration handling. A local user with access to configfs can configure a nullblk device with queuemode set to 1 legacy I/O path, which is no longer supported, causing the driver to proceed without proper validation and...

kernel: watch_queue: Fix NULL dereference in error cleanup

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Fix NULL dereference in error cleanup In watchqueuesetsize, the error cleanup code doesn't take account of the fact that freepage can't handle a NULL pointer when trying to free up buffer pages that did get allocated...

kernel: ice: xsk: disable txq irq before flushing hw

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: disable txq irq before flushing hw iceqpdis intends to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps is to disable interrupts on these queues. It currently is broken in a way that...

kernel: net/sched: sch_fq: fix integer overflow of "credit"

An integer overflow flaw was found in the Linux kernel network fair-queueing scheduler in the way the initial per-flow credit is set. If a configuration provides an excessively large initial quantum, the credit value can overflow to a negative number, leading to excessive scheduling and soft...

kernel: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix NULL dereference on q-elevator in blkmqelvswitchnone After grabbing q-sysfslock, q-elevator may become NULL because of elevator switch. Fix the NULL dereference on q-elevator by checking it with lock...

kernel: virtio-blk: Avoid use-after-free on suspend/resume

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx-userdata is set to vq in virtblkinithctx. However, vq is freed on suspend and reallocated on resume. So, hctx-userdata is invalid after resume, and it will cause...

kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error

A NULL pointer dereference vulnerability was found in the RXE Soft-RoCE RDMA driver in the Linux kernel. When rxequeueinit fails during queue pair initialization in rxeqpinitreq, the task function and argument pointers qp-req.task.func and qp-req.task.arg remain uninitialized. The cleanup functio...

kernel: block, bfq: fix possible uaf for 'bfqq->bic'

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' Our test report a uaf for 'bfqq-bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfqselectqueue+0x378/0xa30 CPU: 6 PID:...

kernel: watch_queue: Actually free the watch

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Actually free the watch freewatch does everything barring actually freeing the watch object. Fix this by adding the missing kfree. kmemleak produces a report something like the following. Note that as an address can b...

kernel: virtio_net: Fix error unwinding of XDP initialization

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix error unwinding of XDP initialization When initializing XDP in virtnetopen, some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled...