PT-2024-18902 · Unknown · Resource Manager

Name of the Vulnerable Software and Affected Versions: Resource Manager affected versions not specified Description: The issue is related to memory corruption that occurs when preparing a shared memory notification for a memparcel in Resource Manager. Recommendations: At the moment, there is no...

UBUNTU-CVE-2024-3056

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...

SUSE CVE-2024-40949

In the Linux kernel, the following vulnerability has been resolved: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio When testing shmem swapin, I encountered the warning below on my machine. The reason is that replacing an old shmem folio with a new one causes memcgroupmigrate...

SUSE CVE-2024-39497

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUGON on mmapPROTWRITE, MAPPRIVATE Lack of check for copy-on-write COW mapping in drmgemshmemmmap allows users to call mmap with PROTWRITE and MAPPRIVATE flag causing a kernel panic due to BUGON in...

DEBIAN-CVE-2024-40949

In the Linux kernel, the following vulnerability has been resolved: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio When testing shmem swapin, I encountered the warning below on my machine. The reason is that replacing an old shmem folio with a new one causes memcgroupmigrate...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with the mm:shmem component getting the wrong lruvec when replacing the shmem folio...

SUSE CVE-2024-39293

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...

Astra Linux - уязвимость в mbedtls

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

Incorrect Initialization of Resource

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Incorrect Initialization of Resource via CUDA SHM region registration. An attacker can cause a network issue, leading t...

SUSE CVE-2023-52775

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

CVE-2024-36911

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need to...

RHEL 6 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: loading of untrusted PKCS11 modules in ssh-agent CVE-2016-10009 - openssh: Bounds check can be...

CVE-2024-36911 hv_netvsc: Don't free decrypted memory

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need to...

DEBIAN-CVE-2021-47536

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix wrong listdel in smclgrcleanupearly smclgrcleanupearly meant to delete the link group from the link group list, but it deleted the list head by mistake. This may cause memory corruption since we didn't remove the rea...

CVE-2024-35939

In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dmasetdecrypted failure On TDX it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers...

CVE-2024-35939

CVE-2024-35939 affects the Linux kernel: dma-direct: Leak pages on dma_set_decrypted() failure. In TDx, set_memory_encrypted()/set_memory_decrypted() failures can cause memory to be shared; DMA could leak decrypted/shared pages instead of freeing them, potentially leading to functional or securit...

UBUNTU-CVE-2024-35797

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix two shmem bugs When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1 A swapin error can have resulted in a poisoned swap entry in the shmem inode's xarray. Calling...

CVE-2024-0088

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering...

CVE-2024-0088

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering...

CVE-2024-0088

CVE-2024-0088 affects the NVIDIA Triton Inference Server for Linux. The vulnerability resides in shared memory APIs, where a user can trigger an improper memory access via a network API, with potential consequences described as denial of service and data tampering. The NVIDIA security bulletin in...