CVE-2024-42234 mm: fix crashes from deferred split racing folio migration

In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s often on flags when freeing, yet the flags shown are not bad: PGlocked had been set and cleared??, and...

CVE-2024-42234 mm: fix crashes from deferred split racing folio migration

In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s often on flags when freeing, yet the flags shown are not bad: PGlocked had been set and cleared??, and...

CVE-2024-42234

CVE-2024-42234 affects the Linux kernel in the area of memory management, specifically the deferred split and large folio migration path. The root cause is a race during deferred_split_scan() where folios are moved to a local list without proper synchronization, risking double frees and related B...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition between a delayed split and a large folio migration in the mm module, which could lead to a...

SUSE CVE-2022-48862

In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can overflow to 0 when start is 0 and last is ULONGMAX. One instance where it can happen is when userspace sends an IOTLB message with...

DEBIAN-CVE-2022-48863

In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix memory leak in dsppipelinebuild dsppipelinebuild allocates dup pointer by kstrdupcfg, but then it updates dup variable by strsep&dup, "|". As a result when it calls kfreedup, the dup variable contains NULL. Found by...

DEBIAN-CVE-2022-48862

In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can overflow to 0 when start is 0 and last is ULONGMAX. One instance where it can happen is when userspace sends an IOTLB message with...

UBUNTU-CVE-2022-48862

In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can overflow to 0 when start is 0 and last is ULONGMAX. One instance where it can happen is when userspace sends an IOTLB message with...

UBUNTU-CVE-2022-48802

In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: don't read mapcount for migration entry The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not...

SUSE CVE-2024-40950

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: fix misused mappinglargefoliosupport for anon folios When I did a large folios split test, a WARNING " 5059.122759 T166 Cannot split file folio to non-0 order" was triggered. But the test cases are only for anonmo...

DEBIAN-CVE-2024-40950

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: fix misused mappinglargefoliosupport for anon folios When I did a large folios split test, a WARNING " 5059.122759 T166 Cannot split file folio to non-0 order" was triggered. But the test cases are only for anonmo...

CVE-2024-40950

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: fix misused mappinglargefoliosupport for anon folios When I did a large folios split test, a WARNING " 5059.122759 T166 Cannot split file folio to non-0 order" was triggered. But the test cases are only for anonmo...

UBUNTU-CVE-2024-40950

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: fix misused mappinglargefoliosupport for anon folios When I did a large folios split test, a WARNING " 5059.122759 T166 Cannot split file folio to non-0 order" was triggered. But the test cases are only for anonmo...

CVE-2024-40950 mm: huge_memory: fix misused mapping_large_folio_support() for anon folios

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: fix misused mappinglargefoliosupport for anon folios When I did a large folios split test, a WARNING " 5059.122759 T166 Cannot split file folio to non-0 order" was triggered. But the test cases are only for anonmo...

CVE-2024-40950

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: fix misused mappinglargefoliosupport for anon folios When I did a large folios split test, a WARNING " 5059.122759 T166 Cannot split file folio to non-0 order" was triggered. But the test cases are only for anonmo...

PT-2024-29168 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the mapping large folio support function, which is only reasonable for page cache folios. However, in split huge page t...

httpd: mod_proxy_uwsgi HTTP response splitting

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...

GNU Coreutils: Buffer Overflow Vulnerability

Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact Please...

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...