7464 matches found
Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: CVE-2025-38089: sunrpc: handle SVCGARBAGE during svc auth processing as auth error bsc1245509 CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315 Patch Instructions: To install this SUSE...
CVE-2023-53685 tun: Fix memory leak for detached NAPI queue.
In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...
CVE-2023-53685 tun: Fix memory leak for detached NAPI queue.
In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...
CVE-2023-53685
The CVE-2023-53685 issue affects the Linux kernel tun driver when a TUN device is configured with IFF_TUN, IFF_NAPI, and IFF_MULTI_QUEUE and the queue is detached while a write happens. A memory leak can occur by enqueuing skbs into tfile->sk_write_queue after the queue is detached, due to a r...
EUVD-2025-32720
In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...
CVE-2023-53685
In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...
CVE-2022-50554
In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double -queuerq because of early timeout David Jeffery found one double -queuerq issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...
CVE-2022-50554 blk-mq: avoid double ->queue_rq() because of early timeout
In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double -queuerq because of early timeout David Jeffery found one double -queuerq issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...
CVE-2022-50552 blk-mq: use quiesced elevator switch when reinitializing queues
In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's runwork may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents...
CVE-2022-50552 blk-mq: use quiesced elevator switch when reinitializing queues
In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's runwork may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents...
CVE-2022-50552
CVE-2022-50552 : In the Linux kernel, the blk-mq path had a race where hctx->run_work could race with the elevator switch during reinitialization of hardware queues, potentially leading to use-after-free and kernel panics. The fix switches to a quiesced elevator switch and makes the previous e...
CVE-2022-50552
In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's runwork may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents...
EUVD-2025-32804
In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's runwork may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents...
CVE-2023-53635
CVE-2023-53635 concerns a Linux kernel conntrack timeout bug in nfnetlink_queue: the nf_conn->timeout value could be doubled/subtracted due to incorrect handling when unconfirmed vs. confirmed conntracks. The connected OpenVAS/Nessus entries document the fix as separating how ct->timeout is...
CVE-2023-53635 netfilter: conntrack: fix wrong ct->timeout value
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix wrong ct-timeout value struct nfconn-timeout is an interval before the conntrack confirmed. After confirmed, it becomes a timestamp. It is observed that timeout of an unconfirmed conntrack: - Set by...
CVE-2023-53635 netfilter: conntrack: fix wrong ct->timeout value
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix wrong ct-timeout value struct nfconn-timeout is an interval before the conntrack confirmed. After confirmed, it becomes a timestamp. It is observed that timeout of an unconfirmed conntrack: - Set by...
CVE-2022-50530 blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blkmqclearrqmapping Our syzkaller report a null pointer dereference, root cause is following: blkmqallocmapandrqs set-tagshctxidx = blkmqallocmapandrqs blkmqallocmapandrqs blkmqallocrqs //...
EUVD-2025-32549
python-socketio vulnerable to arbitrary Python code execution RCE through malicious pickle deserialization in certain multi-server deployments...
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
Summary A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use...
GHSA-G8C6-8FJJ-2R4M python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
Summary A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use...