432 matches found
CVE-2024-49953 net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling xfrmstatedelete twice The km.state is not checked in driver's delayed work. When xfrmstatecheckexpire is called, the state can be reset to XFRMSTATEEXPIRED, even if it is XFRMSTATEDEAD...
CVE-2024-49934 fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...
CVE-2024-47719
In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN overflows which corrupts the selected area range during...
Exploit for CVE-2024-47177
CUPS Honeypot Overview This project implements a honeypot...
The vulnerability of the foomatic-rip filter in the cups-filters printing package allows a hacker to execute arbitrary code.
The vulnerability of the foomatic-rip filter in the cups-filters printing package is related to the lack of measures taken to sanitize input data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
PT-2024-6441
Name of the Vulnerable Software and Affected Versions CUPS versions 2.x cups-filters versions up to 2.0.1 Description The issue is related to the FoomaticRIPCommandLine function in the CUPS printing system, which allows remote command execution via a PPD file. This can be exploited when combined...
CVE-2022-48945
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000 PF: supervisor write access in kernel mode PF: errorcode0x0002 - not-present page PGD 100000067...
CVE-2024-46721
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile-parent-dentsAAFSPROFDIR could be NULL only if its parent is made from createmissingancestors.. and 'ent-old' is NULL in aareplaceprofiles... In that case, it must return an...
CVE-2024-46771 can: bcm: Remove proc entry when dev is unregistered.
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcmconnect below. 0 The repro calls connect to vxcan1, removes vxcan1, and calls connect with ifindex == 0. Calling connect for a BCM socket...
CVE-2024-46771 can: bcm: Remove proc entry when dev is unregistered.
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcmconnect below. 0 The repro calls connect to vxcan1, removes vxcan1, and calls connect with ifindex == 0. Calling connect for a BCM socket...
CVE-2024-45017 net/mlx5: Fix IPsec RoCE MPV trace call
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...
CVE-2024-44975
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmdupdate We find a bug as below: BUG: unable to handle page fault for address: 00000003 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOPTI CPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d...
CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...
CVE-2024-44943 mm: gup: stop abusing try_grab_folio
In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing trygrabfolio A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual machine. The splat looks like: 464.325306 WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313...
CVE-2024-43899
A NULL pointer dereference vulnerability was found in dcn20getdcccompressioncap function in the dcn20resource.c file in the AMD GPU driver in the Linux Kernel. This issue could allow an attacker to make the system hang when using the mpv media player with specific hardware acceleration options...
CVE-2024-44942
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on F2FSINLINEDATA flag in inode during GC syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/inline.c:258! CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted...
CVE-2024-43895
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-43911 wifi: mac80211: fix NULL dereference at band check in starting tx ba session
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...
CVE-2024-43899
CVE-2024-43899 affects the Linux kernel’s DRM AMD display path. The vulnerability is a NULL pointer dereference in dcn20_resource.c that can cause a hang when MPV runs on a DCN401 dGPU, specifically during fullscreen playback after enabling fullscreen (double click). Affected component/function c...
CVE-2023-52912
CVE-2023-52912 relates to the Linux kernel’s DRM amdgpu subsystem. The issue arises during unloading of amdgpu where a bug in drm_buddy_free_block can trigger a kernel BUG and invalid opcode, as shown in the stack trace and kernel log snippet. The impact is a potentially local disruption of a sys...