
7500 matches found

OSV
added 2024/07/16 12:15 p.m. | 2 views

DEBIAN-CVE-2022-48789

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race...

7.8 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits 0 | References 1
OSV
added 2024/07/16 12:15 p.m. | 2 views

AZL-47446 CVE-2022-48788 affecting package kernel for versions less than 5.15.32.1-3

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a ra...

7.8 CVSS | 6.3 AI score | 0.00016 EPSS
Exploits 0 | References 1
OSV
added 2024/07/16 12:15 p.m. | 1 views

UBUNTU-CVE-2022-48788

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a ra...

7.8 CVSS | 6.2 AI score | 0.00016 EPSS
Exploits 0 | References 9
OSV
added 2024/07/16 12:15 p.m. | 0 views

UBUNTU-CVE-2022-48789

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race...

7.8 CVSS | 6.2 AI score | 0.00022 EPSS
Exploits 0 | References 8
Debian CVE
added 2024/07/16 11:43 a.m. | 19 views

CVE-2022-48789

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race...

7.8 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits 0
SUSE CVE
added 2024/07/16 2:34 a.m. | 2 views

SUSE CVE-2024-40942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface ...

5.5 CVSS | 6.6 AI score | 0.00014 EPSS
Exploits 0 | References 16
SUSE CVE
added 2024/07/16 2:34 a.m. | 1 views

SUSE CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

5.5 CVSS | 6.6 AI score | 0.00017 EPSS
Exploits 0 | References 16
SUSE CVE
added 2024/07/16 2:34 a.m. | 2 views

SUSE CVE-2024-40992

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...

5.5 CVSS | 7.7 AI score | 0.00033 EPSS
Exploits 0 | References 10
OSV
added 2024/07/12 1:15 p.m. | 1 views

DEBIAN-CVE-2024-40992

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...

5.5 CVSS | 5.1 AI score | 0.00033 EPSS
Exploits 0 | References 1
OSV
added 2024/07/12 1:15 p.m. | 3 views

DEBIAN-CVE-2024-40942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface ...

5.5 CVSS | 5.7 AI score | 0.00014 EPSS
Exploits 0 | References 1
OSV
added 2024/07/12 1:15 p.m. | 1 views

DEBIAN-CVE-2024-40925

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...

5.5 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 1
OSV
added 2024/07/12 1:15 p.m. | 4 views

AZL-68111 CVE-2024-39508 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: Use set_bit and test_bit at worker->flags Utilize set_bit and test_bit on worker->flags within io_uring/io-wq to address potential data races. The structure io_worker->flags may be accessed through various data paths, leadi...

4.7 CVSS | 6.8 AI score | 0.00007 EPSS
Exploits 0 | References 1
OSV
added 2024/07/12 1:15 p.m. | 2 views

DEBIAN-CVE-2024-39502

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netif_napi_del When queues are started, netif_napi_add and napi_enable are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and...

7.8 CVSS | 5.9 AI score | 0.00011 EPSS
Exploits 0 | References 1
OSV
added 2024/07/12 1:15 p.m. | 0 views

UBUNTU-CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

5.5 CVSS | 6.1 AI score | 0.00017 EPSS
Exploits 0 | References 22
OSV
added 2024/07/12 1:15 p.m. | 2 views

UBUNTU-CVE-2024-40925

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...

5.5 CVSS | 6.2 AI score | 0.00018 EPSS
Exploits 0 | References 13
OSV
added 2024/07/12 1:15 p.m. | 1 views

UBUNTU-CVE-2024-40942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface ...

5.5 CVSS | 6.2 AI score | 0.00014 EPSS
Exploits 0 | References 30
Veracode
added 2024/07/12 6:59 a.m. | 15 views

Authentication Bypass

github.com/nats-io/nats-server is vulnerable to Authentication bypass. The vulnerability is due to a failure to enforce negative user permissions in one scenario. Attackers can exploit this by using a queue subscription on the wildcard to access denied subjects...

6.3 CVSS | 6.6 AI score | 0.00108 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2024/07/12 12:00 a.m. | 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the wifi:mac80211:mesh component that has a mesh_preq_queue object...

5.5 CVSS | 6.4 AI score | 0.00014 EPSS
Exploits 0 | References 10
CNNVD
added 2024/07/12 12:00 a.m. | 1 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the RDMA/mlx5 component failing to check if the value of the max_sge attribute of an SRQ exceeds the maximum...

5.5 CVSS | 8.2 AI score | 0.00017 EPSS
Exploits 0 | References 8
Github Security Blog
added 2024/07/11 9:31 p.m. | 13 views

NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...

6.3 CVSS | 6.9 AI score | 0.00108 EPSS
Exploits 0 | References 3 | Affected Software 2