PT-2024-36851 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a missed RCU barrier on deoffloading in the Linux kernel. Running the rcutorture test with specific parameters can trigger a warning and a deadlock. The problem...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a sleep in the atomic context under the PREEMPTRT configuration in the LoongArch module...

PT-2024-35663

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc3+ Description A vulnerability in the Linux kernel has been resolved, specifically in the nfsd module. The issue arises when the last reference for cache head is reduced to zero in c show and e show usin...

kernel: drm/amd/display: Wake DMCUB before executing GPINT commands

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands Why DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. How Add dcwakeandexecutegpint to wrap the wake,...

kernel: tty: add the option to have a tty reject a new ldisc

A vulnerability was found in the Linux kernel's TTY subsystem, where the option to reject a new ldisc was improperly implemented, which can lead to a situation where the conwrite routine is called while holding a spinlock, potentially causing a sleep operation in an invalid context...

PT-2025-40700

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-00428-g9de1f9c8ca51 Description The Linux kernel contained a flaw where pr info was called with the rtp-cbs gbl lock spin lock locked. This could lead to a BUG like invalid wait context, as pr info calls...

SUSE CVE-2024-50111

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

AZL-52447 CVE-2024-50138 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Use rawspinlockt in ringbuf The function bpfringbufreserve is invoked from a tracepoint, which disables preemption. Using spinlockt in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is...

CVE-2024-50138

In the Linux kernel, the following vulnerability has been resolved: bpf: Use rawspinlockt in ringbuf The function bpfringbufreserve is invoked from a tracepoint, which disables preemption. Using spinlockt in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is...

AZL-52486 CVE-2024-50111 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

UBUNTU-CVE-2024-50138

In the Linux kernel, the following vulnerability has been resolved: bpf: Use rawspinlockt in ringbuf The function bpfringbufreserve is invoked from a tracepoint, which disables preemption. Using spinlockt in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is...

CVE-2024-50138

CVE-2024-50138 concerns the Linux kernel BPF ringbuf handling. The issue arises when __bpf_ringbuf_reserve is invoked from a tracepoint with preemption disabled, where using spinlock_t could trigger a “sleep in atomic” warning on RT variants. The root cause is the use of a spinlock_t in the ringb...

CVE-2024-50111 LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which originates in the LoongArch architecture, and may cause the sleep function to be called in an inappropriate context i...

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-a...

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-2616)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-2606)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : edk2 (ELSA-2024-28600)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-28600 advisory. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain...

Oracle Linux 8 : edk2 (ELSA-2024-12795)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12795 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...