CVE-2024-46760

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtwrxfillrxstatus on hw object and/or its fields because initialization routine can start getting USB replie...

CVE-2024-46760 wifi: rtw88: usb: schedule rx work after everything is set up

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtwrxfillrxstatus on hw object and/or its fields because initialization routine can start getting USB replie...

CVE-2024-46734 btrfs: fix race between direct IO write and fsync when using same fd

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the other is doing fsync, we have a race where we c...

CVE-2024-44959

The CVE-2024-44959 entry concerns the Linux kernel tracefs component. It describes a root cause in the in-kernel memory reclaim path where structure layout randomization of struct inode can cause overlapping or misused RCU fields during freeing, potentially triggering list corruption (list_del) a...

CVE-2023-52896

A flaw was found in the Linux kernel’s btrfs module. A race condition can occur when one task tries to start the quota rescan worker while another tries to disable quotas. This issue can cause a NULL pointer dereference and result in a denial of service...

CVE-2022-48895

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...

Information Disclosure

umbraco.cms is vulnerable Information Disclosure. The vulnerability is due to improper handling of error responses in the Management API, which causes stack trace information to be returned even when Umbraco is not in debug mode. It allows an attacker to gain access to internal details of the...

CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...

CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...

CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...

CVE-2024-43834

In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of pagepooldestroy If the driver uses a page pool, it creates a page pool with pagepoolcreate. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...

CVE-2024-43837

CVE-2024-43837 (Linux kernel): The vulnerability is a null pointer dereference in BPF EXT program type resolution when dst_prog is not attached. The fix, as described in the primary document, changes resolve_prog_type() to return prog->type for BPF_PROG_TYPE_EXT when dst_prog is absent, instea...

CVE-2024-43837 bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolveprogtype for BPFPROGTYPEEXT When loading a EXT program without specifying attr-attachprogfd, the prog-aux-dstprog will be null. At this time, calling resolveprogtype anywhere will resul...

CVE-2024-43837 bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolveprogtype for BPFPROGTYPEEXT When loading a EXT program without specifying attr-attachprogfd, the prog-aux-dstprog will be null. At this time, calling resolveprogtype anywhere will resul...

CVE-2024-42301

In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I...

CVE-2024-42301

In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I...

CVE-2024-42301 dev/parport: fix the array out-of-bounds risk

In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I...

CVE-2024-42301 dev/parport: fix the array out-of-bounds risk

In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I...

CVE-2022-48808 net: dsa: fix panic when DSA master device unbinds on shutdown

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic when DSA master device unbinds on shutdown Rafael reports that on a system with LX2160A and Marvell DSA switches, if a reboot occurs while the DSA master dpaa2-eth is up, the following panic can be seen:...

CVE-2024-6614 Incorrect listing of stack frames

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox 128 and Thunderbird 128...