AZL-55195 CVE-2024-56549 affecting package kernel for versions less than 6.6.78.1-1

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object-file At present, the object-file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object-file lifetime are inconsistent, and...

DEBIAN-CVE-2024-53177

In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to opencacheddir error paths If opencacheddir encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in opencacheddir freeing the...

UBUNTU-CVE-2024-53177

In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to opencacheddir error paths If opencacheddir encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in opencacheddir freeing the...

CVE-2024-53177

CVE-2024-53177 relates to the Linux kernel SMB/CIFS implementation. The issue is a use-after-free in smb2_cached_lease_break/open_cached_dir race: when open_cached_dir() errors parsing a lease, a race with a lease-break can free a cfid while pending work remains. The fix drops references instead ...

AZL-54135 CVE-2024-53138 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

UBUNTU-CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

kernel: drm/amdgpu: change vm->task_info handling

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm-taskinfo handling This patch changes the handling and lifecycle of vm-taskinfo object. The major changes are: - vm-taskinfo is a dynamically allocated ptr now, and its uasge is reference counted. - introduci...

SUSE CVE-2024-53095

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

DEBIAN-CVE-2024-53095

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

UBUNTU-CVE-2024-53095

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

CVE-2024-53095 smb: client: Fix use-after-free of network namespace.

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

Unspecified vulnerability in Linux kernel (CNVD-2024-46400)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of reference counting in the macprobe function, leading to reference disclosure. No detail...

kernel: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe

The TI AM33xx power management driver in the Linux kernel fails to release reference counts acquired via wkupm3ipcget when errors occur during probe. Since the corresponding wkupm3ipcput call is missing from error paths, repeated probe failures gradually exhaust kernel resources...

kernel: mmc: core: Fix kernel panic when remove non-standard SDIO card

A flaw in the Linux kernel mmc core driver was discovered that could lead to a kernel panic and memory corruption when a non-standard SDIO card is removed. The Vulnerability arises because SDIO tuples are only allocated for standard SDIO cards, resulting in an inconsistent reference count for the...

kernel: drm/amdgpu: change vm->task_info handling

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm-taskinfo handling This patch changes the handling and lifecycle of vm-taskinfo object. The major changes are: - vm-taskinfo is a dynamically allocated ptr now, and its uasge is reference counted. - introduci...

kernel: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pcidevput pcigetdevice will increase the reference count for the returned pcidev. We need to use pcidevput to decrease the reference count before amdprobe returns. There ...

SUSE CVE-2024-50150

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a reference to it. When registering the altmode, get a reference to the parent and put it in the...

SUSE CVE-2024-50166

In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In macprobe there are multiple calls to offinddevicebynode, fmanbind and fmanportbind which takes references to ofdev-dev. Not all references taken by these calls are releas...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of reference counting in the macprobe function, leading to reference disclosure. No detail...

SUSE CVE-2024-50130

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in nfunregisternethook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpfnflinkrelease+0xda/0x1e0 bpflinkfree+0x139/0x2d0...