CVE-2024-44953

The CVE-2024-44953 entry documents a Linux kernel SCSI/UFS deadlock in RTC update handling triggered by runtime suspend waiting for RTC work flush, where the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. The deadlock trace is provided, and the issue is stated to be resolved by ...

CVE-2024-44953 scsi: ufs: core: Fix deadlock during RTC update

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcdrpmgetsync to wait for runtime resume. Here is deadlock backtrace: kworker/0:1...

CVE-2024-44953

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcdrpmgetsync to wait for runtime resume. Here is deadlock backtrace: kworker/0:1...

CVE-2024-44953 scsi: ufs: core: Fix deadlock during RTC update

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcdrpmgetsync to wait for runtime resume. Here is deadlock backtrace: kworker/0:1...

Malicious code in byted-rtc-robot-api-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69373c46b5c735a1890c7a3b601ef30c64493d656302703ceccd4d153e3dab11 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

SUSE CVE-2024-4764

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox 126...

Reden 安全漏洞

Reden is an application by the individual developer Liyan Zhao. A security vulnerability exists in Reden prior to v.0.2.514 that could allow a remote attacker to execute arbitrary code via DEBUGRTCREQUESTSYNCDATA in KeyCallbacks.kt...

Update your browser: Security fixes for latest Chrome zero-day

News, Security Update your browser: Security fixes for latest Chrome zero-day Share December 22nd, 2023 Hi everyone! The latest patches to the Opera, Opera GX, Opera Crypto, and Opera for Android browsers address several recent vulnerabilities, including a zero-day exploit CVE-2023-7024. We...

SUSE CVE-2023-6705

Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

kernel: Linux kernel: Denial of Service due to function prototype mismatch

A flaw was found in the Linux kernel. A local attacker with low privileges could trigger a function prototype mismatch in the rtc: msc313 component's msc313rtcprobe function. This issue, related to kernel Control Flow Integrity kCFI validation, can lead to a system crash or process termination,...

kernel: rtc: pl031: fix rtc features null pointer dereference

A flaw was found in the rtc-pl031 module in the Linux kernel. The alarm feature bit was cleaned before device initialization, which caused a NULL pointer dereference when there was no interrupt line. This resulted in a system crash and a denial of service...

Unbreakable Enterprise kernel security update

5.15.0-106.131.4 - jbd2: check 'jh-btransaction' before removing it from checkpoint Zhihao Cheng - jbd2: fix checkpoint cleanup performance regression Zhang Yi - scsi: qla2xxx: Fix TMF leak through Quinn Tran - scsi: qla2xxx: Fix command flush during TMF Quinn Tran - scsi: qla2xxx: Limit TMF to 8...

OESA-2023-1671 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: An attacke...

PT-2023-16575 · Opennms · Meridian +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 31.0.8 through 32.0.2 Description: The issue is related to an XML external entity XXE injection vulnerability in the /rtc/post/ endpoint, which can be used to force Horizon to make arbitrary HTTP requests to internal...

DEBIAN-CVE-2022-4924

Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

MAL-2023-1211 Malicious code in infobip-rtc-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8d76ebaa2609c5ebc5a65e5f261d288d9664315a566a8a116c4ebff82d4a6c09 The OpenSSF Package Analysis project identified 'infobip-rtc-token' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

Mozilla: Use-after-free in WebRTC certificate generation

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...

Mozilla: Use-after-free in WebRTC certificate generation

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...

Mozilla: Use-after-free in WebRTC certificate generation

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...

SUSE CVE-2023-3215

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...