GHSA-5VMP-M5V2-HX47 tough root metadata version is not checked for sequential versioning
Summary When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the...
pinmux: Use sequential access to access desc->pinmux data
...
CVE-2022-49706
In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAP_UNWRITTEN, which will prevent an IO, but the iomap...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from xas_create_range incorrectly handling multiple sequential entries when they exist...
CVE-2024-47141
In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data When two clients of the same gpio call pinctrl_select_state for the same functionality, we are seeing NULL pointer issue while accessing desc->mux_owner. Let's say two processes...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a sequential problem with qlen adjustments in the network scheduler...
Security update for avahi
This update for avahi fixes the following issues: CVE-2024-52616: sequential increment of DNS transaction IDs allows DNS spoofing. bsc#1233420 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you c...
Qualcomm Chipsets security vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from sequential allocation and access of entries in the SMEM partition, which may result in memory corruption if not managed properly...
SUSE CVE-2024-22117
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding...
CVE-2024-22117
CVE-2024-22117 describes a bug in the map element URL handling where the system increments sysmapelementurlid and a manual change (sysmapelementurlid + 1) can prevent others from adding URLs. Public advisories (NVD entry and OSV listings) reference the same issue, with vendor advisories noting th...
CVE-2024-22117 Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding...
CVE-2024-47680
CVE-2024-47680 affects the Linux kernel’s f2fs discard handling for conventional zones on zoned block devices. The root cause is that f2fs relied on a discard capability check performed by bdev_max_discard_sectors() and bdev_is_zoned(), which bypasses to discard even when a device doesn’t support...
CVE-2024-21530
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a sequential problem with the release of job objects in the drm/xe component, which could lead to reuse afte...
CVE-2024-36919
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as...
CVE-2024-36919 scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as...
CVE-2021-47172
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug was introduced as pa...