55 matches found
CVE-2024-49569 nvme-rdma: unquiesce admin_q before destroy it
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce admin_q before destroy it. Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" 0 ff61d23de260fb78 schedule at...
CVE-2024-56652
In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Remove register pool. That pool implementation doesn't really work: if the krealloc happens to move the memory and return another address, the entries in the xarray become invalid, leading to use-after-free later: BU...
DEBIAN-CVE-2024-56652
In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Remove register pool. That pool implementation doesn't really work: if the krealloc happens to move the memory and return another address, the entries in the xarray become invalid, leading to use-after-free later: BU...
CVE-2024-53096 mm: resolve faulty mmap_region() error path behaviour
In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour. The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other...
CVE-2024-47717 RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data. With the latest Linux-6.11-rc3, the below NULL pointer crash is observed when SBI PMU snapshot is enabled for the guest and the guest is forcefully powered-off...
CVE-2021-4440
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call. commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...
Code Execution
javascript-deobfuscator is vulnerable to Code Execution. The vulnerability is due to crafted payloads targeting expression simplification, which allows an attacker to execute arbitrary code...
CVE-2024-36120
javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the...
CVE-2024-36120 javascript-deobfuscator crafted payload can lead to code execution
javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the...
JavaScript deobfuscator security vulnerability
JavaScript deobfuscator is a simple but powerful anti-obfuscator for Ben's personal developers. A security vulnerability exists in JavaScript deobfuscator versions prior to 1.1.0, which stems from a crafted payload targeting expression simplification that may lead to code execution...
AZL-27991 CVE-2020-19725 affecting package z3 4.8.7-8
There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempts to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free when processing files in pdd_simplifier.cpp. An attacker can cause segmentation faults or execute arbitrary code by triggering unexpected memory access. This occurs as the solver is trying to simplify the constraints, whic...
Tackling the OAuth2 Client component model in Spring Security
In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applications that are secured by OAuth2 using the features available in OAuth2 Resource Server...
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were firs...
PT-2022-33568 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.13 through v5.19.1. Description: The issue concerns a simplification problem in the devm_spi_register_controller function. It was introduced in version v5.13 and fixed in version v5.19.2. The actual impact and attack...