CVE-2022-48729

CVE-2022-48729 (Linux kernel) concerns an issue in IB/hfi1 where increasing ipoib send_queue_size could trigger a kernel panic. The root cause, as described in the supplied docs, is a miscalculation: a shift was treated as a function of the ring size instead of the item size, leading to a panic i...

CVE-2022-48729

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix panic with larger ipoib sendqueuesize When the ipoib sendqueuesize is increased from the default the following panic happens: RIP: 0010:hfi1ipoibdraintxring+0x45/0xf0 hfi1 Code: 31 e4 eb 0f 8b 85 c8 02 00 00 41 83 c4...

CVE-2021-47246

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device...

CVE-2021-47246

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device...

CVE-2021-47246

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device...

UBUNTU-CVE-2021-47246

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device...

CVE-2021-47246

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device...

SUSE CVE-2023-39017

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...

UBUNTU-CVE-2023-39017

DISPUTED quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not...

PT-2023-26739 · Unknown · Quartz-Jobs

Name of the Vulnerable Software and Affected Versions: quartz-jobs versions 2.3.2 and below Description: The issue is related to a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument to...

Code injection

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service e.g., CPU consumption because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023...

CVE-2023-33297

Bitcoin Core prior to v24.1 is affected by CVE-2023-33297. When debug mode is not enabled, the node’s inventory-to-send queue draining is inefficient, allowing a denial-of-service (e.g., CPU consumption). The issue has been observed in the wild (May 2023). A fix is provided in Bitcoin Core 24.1 a...

CVE-2023-33297

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service e.g., CPU consumption because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023...

CVE-2023-33297

Removed by vendor...

kernel: iavf: Fix adminq error handling

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavfallocasqbufs/iavfallocarqbufs allocates with dmaalloccoherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Witho...

kernel: iavf: Fix adminq error handling

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavfallocasqbufs/iavfallocarqbufs allocates with dmaalloccoherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Witho...

kernel security and bug fix update

3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...