CVE-2024-49932 btrfs: don't readahead the relocation inode on RST

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if the filesystem is backed by a RAID stripe tree we can get ENOENT e.g. due to preallocated extents not being...

SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP4) (SUSE-SU-2024:3695-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3695-1 advisory. This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed...

SUSE-SU-2024:3652-1 Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059158 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651. -...

kernel: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING

A vulnerability was found in the Linux kernel's md/raid5 implementation within the raid5d function. This flaw can cause a deadlock when handling I/O operations due to a conflict between the reconfigmutex and the MDSBCHANGEPENDING flag, leading to excessive CPU usage and denial of service...

CVE-2024-43914

...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2544)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : bpf, skmsg: Fix NULL pointer dereference in skpsockskbingressenqueueCVE-2024-36938 bpf, sockmap: Prevent lock inversion deadlock in map delete...

kernel: md: fix resync softlockup when bitmap size is less than array size

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU3 stuck for 26s!...

USN-7019-1 linux-xilinx-zynqmp vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

CVE-2024-34545

Improper input validation in some IntelR RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access...

CVE-2024-36247

Improper access control in IntelR RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access...

CVE-2024-36261

Improper access control in IntelR RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access...

CVE-2024-34153

Uncontrolled search path element in IntelR RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-34543

Improper access control in IntelR RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-32666

NULL pointer dereference in IntelR RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via local access...

CVE-2024-28170

Improper access control in IntelR RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2024-32940

Improper access control in IntelR RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access...

CVE-2024-33848

Uncaught exception in IntelR RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access...

CVE-2024-28170

Improper access control in IntelR RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2024-28170

Summary: CVE-2024-28170 is an improper access control vulnerability in Intel® RAID Web Console, affecting all versions. An authenticated user with local access may cause information disclosure. The issue is confirmed across multiple sources including NVD, Red Hat, and Intel’s advisory. Affected p...

CVE-2024-28170

Improper access control in IntelR RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access...