684 matches found
CVE-2024-44931
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...
AZL-48635 CVE-2024-44931 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...
CVE-2024-44931 gpio: prevent potential speculation leaks in gpio_device_get_desc()
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...
CVE-2024-44931
CVE-2024-44931 describes a speculative information-leak in the Linux kernel gpio path: userspace can trigger a speculative read beyond the gpio descriptor array by calling gpio_ioctl() with an out-of-range offset. The fix sanitizes the offset before using it as an index by applying array_index_no...
CVE-2024-44931 gpio: prevent potential speculation leaks in gpio_device_get_desc()
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...
Exploit for Deserialization of Untrusted Data in Givewp
Proof-Of-Concept Code for CVE-2024-8353 This repository conta...
Exploit for Command Injection in Commscope Arris_Tg2482A_Firmware
EN This project provides a Python script to exploit a remote c...
CVE-2024-42090
A deadlock flaw was found in the Linux kernel’s pinctrl subsystem. This flaw allows a local user to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and...
CVE-2024-42090
In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...
CVE-2024-42090 pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...
CVE-2024-42090
The CVE CVE-2024-42090 affects the Linux kernel pinctrl subsystem. Root cause: in create_pinctrl(), pinctrl_maps_mutex is held when add_setting() can return -EPROBE_DEFER, and the code then calls pinctrl_free(), which attempts to re-acquire pinctrl_maps_mutex, risking a deadlock. The patch fixes ...
CVE-2024-42090 pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...
6 Types of Applications Security Testing You Must Know About
Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the...
CVE-2024-41111 BishopFox Sliver Authenticated Remote Code Execution
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...
CVE-2024-39499
A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks. Mitigation Mitigation for this issue is either no...
jq update
An update is available for jq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Bug Fixes: JQ findings from static application security testing Rocky Linux-37827...
SUSE CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
CVE-2024-39499
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
CVE-2024-39499 vmci: prevent speculation leaks by sanitizing event in event_deliver()
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...
CVE-2024-39499 vmci: prevent speculation leaks by sanitizing event in event_deliver()
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...