3229 matches found

RedHat Linux
added 2024/12/04 12:19 a.m. · 0 views

kernel: TCP-spoofed ghost ACKs and leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

CVSS 5.5 · AI score 6.8 · EPSS 0.00227
Exploits: 0 · References: 6
Github Security Blog
added 2024/12/02 6:34 p.m. · 20 views

PyJWT Issuer field partial matches allowed

Summary: The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details: This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstance(issuer, list): + if...

CVSS 7.5 · AI score 7 · EPSS 0.00751
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/12/02 12:0 a.m. · 0 views

UBUNTU-CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

CVSS 7.5 · AI score 7.1 · EPSS 0.00751
Exploits: 1 · References: 6
CNNVD
added 2024/11/29 12:0 a.m. · 1 views

RIOT security vulnerability

RIOT is RIOT's open source set of operating systems for applications in the Internet of Things (IoT) space. A security vulnerability exists in RIOT. An attacker exploiting this vulnerability can send IEEE 802.15.4 packets with forged length bytes and optionally forged FCS, which ultimately causes t...

CVSS 7.5 · AI score 6.5 · EPSS 0.00711
Exploits: 1 · References: 7
Positive Technologies
added 2024/11/29 12:0 a.m. · 2 views

PT-2024-35992 · Riot · Riot

Name of the Vulnerable Software and Affected Versions: RIOT (affected versions not specified). Description: A malicious actor can send an IEEE 802.15.4 packet with a spoofed length byte and optionally a spoofed FCS, resulting in an endless loop on a CC2538 receiver. The issue arises from the receiver...

CVSS 6.9 · AI score 7 · EPSS 0.00711
Exploits: 1 · References: 10
Vulnrichment
added 2024/11/26 3:21 p.m. · 17 views

CVE-2024-52337 Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

CVSS 5.5 · AI score 6.6 · EPSS 0.00292
Exploits: 0 · References: 15
Tenable Nessus
added 2024/11/25 12:0 a.m. · 24 views

Oracle Linux 9 : edk2 (ELSA-2024-12842)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12842 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an attacker may cause a Division-By-Zero due to a UINT32 overflow via local...

CVSS 10 · AI score 7.1 · EPSS 0.95764
Exploits: 28 · References: 5
Positive Technologies
added 2024/11/19 12:0 a.m. · 4 views

PT-2024-10699 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to an incorrect bounds check in the sdpu_extract_attr_seq function of sdp_utils.cc, which could lead to a possible out of bounds...

CVSS 7.5 · AI score 7.7 · EPSS 0.00289
Exploits: 0 · References: 4
RedHat Linux
added 2024/11/12 9:11 a.m. · 3 views

kernel: drm/amd/display: Wake DMCUB before executing GPINT commands

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands. Why: DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. How: Add dc_wake_and_execute_gpint() to wrap the wake,...

CVSS 7.8 · AI score 6.8 · EPSS 0.00368
Exploits: 0 · References: 5
RedHat Linux
added 2024/11/12 9:11 a.m. · 3 views

kernel: stm class: Fix a double free in stm_register_device()

A vulnerability was found in the Linux kernel's stm class, where an improper memory management sequence in stm_register_device() could lead to a double-free error. This issue occurs when the put_device(&stm->dev) call triggers stm_device_release() to free "stm", making the subsequent vfree(stm) call redundant...

CVSS 7.8 · AI score 6.8 · EPSS 0.00251
Exploits: 0 · References: 5
F5 Networks
added 2024/11/11 11:14 p.m. · 30 views

K000148479: Linux kernel vulnerability CVE-2023-52881

Security Advisory Description: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent. This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guideline...

CVSS 5.5 · AI score 6 · EPSS 0.00227
Exploits: 0 · Affected Software: 16
Microsoft CVE
added 2024/11/09 12:0 a.m. · 2 views

CVE-2024-47739

...

CVSS 5.5 · AI score 6.7 · EPSS 0.00227
Exploits: 0
BDU FSTEC
added 2024/11/08 12:0 a.m. · 2 views

The vulnerability of the netfilter component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the netfilter component in the Linux operating system’s kernel is related to errors in boundary-filling reading in the decode_seq function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.2 · EPSS 0.0024
Exploits: 0 · References: 46 · Affected Software: 7
OSV
added 2024/11/05 6:15 p.m. · 1 views

DEBIAN-CVE-2024-50121

In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net. In the normal case, when we execute `echo 0 > /proc/fs/nfsd/threads`, the function nfs4_state_destroy_net in nfs4_state_shutdown_net will release all resources related to...

CVSS 7.8 · AI score 5.9 · EPSS 0.00233
Exploits: 0 · References: 1
OSV
added 2024/11/05 6:15 p.m. · 1 views

UBUNTU-CVE-2024-50113

In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 "firewire: core: use helper functions for self ID sequence", the enumeration over self ID sequence was refactored with some helper functions with...

CVSS 5.5 · AI score 5.7 · EPSS 0.002
Exploits: 0 · References: 8
OSV
added 2024/11/01 11:9 a.m. · 10 views

OESA-2024-2323 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, the code would corrupt extent tree...

CVSS 9.1 · AI score 6.1 · EPSS 0.01367
Exploits: 0 · References: 24
OSV
added 2024/11/01 11:9 a.m. · 5 views

OESA-2024-2304 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 9.8 · AI score 6.9 · EPSS 0.27095
Exploits: 3 · References: 2
RedHat Linux
added 2024/10/30 12:39 a.m. · 1 views

kernel: mptcp: ensure snd_nxt is properly initialized on connect

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect. Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

CVSS 5.5 · AI score 6.7 · EPSS 0.00267
Exploits: 0 · References: 5
OSV
added 2024/10/29 1:15 a.m. · 3 views

AZL-51927 CVE-2024-50083 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: requestsocksubflowv4: Possible SYN flooding on port :::20002. Sending cookies. ------------ cut here ------------ WARNING:...

CVSS 7.5 · AI score 6.4 · EPSS 0.00875
Exploits: 0 · References: 1
RedHat Linux
added 2024/10/28 1:27 p.m. · 1 views

python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()

A flaw was found in Python's Django urlize and urlizetrunc functions. Excessive input with a specific sequence of characters may lead to denial of service...

CVSS 7.5 · AI score 7.1 · EPSS 0.25327
Exploits: 0 · References: 4