463 matches found

OSV
added 2024/06/24 1:50 p.m. · 18 views

CVE-2024-38663 blk-cgroup: fix list corruption from resetting io stat

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat. Since commit 3b8cc6298724 "blk-cgroup: Optimize blkcg_rstat_flush()", each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat instance by...

CVSS 5.5 · AI score 6 · EPSS 0.00249
Exploits 0 · References 6

SUSE CVE
added 2024/06/22 3:35 a.m. · 3 views

SUSE CVE-2024-38569

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group. The perf tool allows users to create event groups through following cmd 1, but the driver does not check whether the array index is out of bounds when writing...

CVSS 6.1 · AI score 6.4 · EPSS 0.00234
Exploits 0 · References 10

Vulnrichment
added 2024/06/19 1:35 p.m. · 20 views

CVE-2024-38569 drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group. The perf tool allows users to create event groups through following cmd 1, but the driver does not check whether the array index is out of bounds when writing...

AI score 6.9 · EPSS 0.00234
Exploits 0 · References 5

BDU FSTEC
added 2024/06/14 12:0 a.m. · 7 views

The vulnerability of the xs_tcp_tls_setup_socket() function in the Linux operating system’s kernel-based RPC protocol allows an attacker to cause a service failure.

The vulnerability of the xs_tcp_tls_setup_socket() function in the net/sunrpc/xprtsock.c module, which is part of the Linux operating system’s RPC protocol implementation, is related to the absence of an RPC request handler for stat. Exploiting this vulnerability could allow a malicious actor to cause...

CVSS 6.8 · AI score 6.4
Exploits 0 · References 8 · Affected Software 2

SUSE CVE
added 2024/04/09 2:29 a.m. · 2 views

SUSE CVE-2024-26686

In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats. lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs...

CVSS 5.5 · AI score 6.8 · EPSS 0.00213
Exploits 0 · References 3

OSV
added 2024/04/03 3:15 p.m. · 1 view

DEBIAN-CVE-2024-26686

In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats. lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs...

CVSS 5.5 · AI score 5.6 · EPSS 0.00213
Exploits 0 · References 1

Vulnrichment
added 2024/04/03 2:54 p.m. · 16 views

CVE-2024-26686 fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats. lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs...

AI score 6.8 · EPSS 0.00213
Exploits 0 · References 6

CNNVD
added 2024/03/18 12:0 a.m. · 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a buffer overflow vulnerability in trans_stat_show...

CVSS 7.8 · AI score 6.9 · EPSS 0.00259
Exploits 0 · References 8

Positive Technologies
added 2024/03/17 12:0 a.m. · 9 views

PT-2024-29189

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A potential deadlock situation can occur during chip recovery in the Linux kernel, specifically in the wifi: mt76: mt7921s module. This happens when the kernel worker reset work holds a...

CVSS 7.5 · AI score 5.7 · EPSS 0.00245
Exploits 0

ATTACKERKB
added 2024/02/28 9:15 a.m. · 7 views

CVE-2020-36785

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs(). The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free...

CVSS 7.8 · AI score 5.7 · EPSS 0.00224
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/02/28 9:15 a.m. · 5 views

DEBIAN-CVE-2020-36785

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs(). The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free...

CVSS 7.8 · AI score 4.9 · EPSS 0.00224
Exploits 0 · References 1

OSV
added 2024/02/28 9:15 a.m. · 3 views

UBUNTU-CVE-2020-36785

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs(). The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free...

CVSS 7.8 · AI score 5.7 · EPSS 0.00224
Exploits 0 · References 7

ATTACKERKB
added 2024/02/27 7:4 p.m. · 9 views

CVE-2021-46940

In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting. The idx_to_offset() function returns type int (32-bit signed), but MSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number. The end result is that it hi...

CVSS 5.5 · AI score 5.7 · EPSS 0.00222
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/02/27 7:4 p.m. · 2 views

UBUNTU-CVE-2021-46940

In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting. The idx_to_offset() function returns type int (32-bit signed), but MSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number. The end result is that it hi...

CVSS 5.5 · AI score 5.7 · EPSS 0.00222
Exploits 0 · References 7

Positive Technologies
added 2024/01/23 12:0 a.m. · 12 views

PT-2024-21464

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the do_task_stat() function, which can trigger a hard lockup if NR_CPUS threads call it at the same time and...

CVSS 5.5 · AI score 5.5 · EPSS 0.00213
Exploits 0

Positive Technologies
added 2024/01/12 12:0 a.m. · 3 views

PT-2024-12222 · Unknown · Oretnom23 Judging Management System

Name of the Vulnerable Software and Affected Versions: oretnom23 Judging Management System version 1.0. Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the sub_event_id parameter in the "sub_event_stat_update.php" endpoint...

CVSS 9.8 · AI score 9.5 · EPSS 0.01024
Exploits 1 · References 4

BDU FSTEC
added 2023/11/15 12:0 a.m. · 5 views

The vulnerability of the ide_dma_cb() function in the QEMU hardware emulation software allows an attacker to gain access to read, modify, or delete data, or to cause a service failure.

The vulnerability of the ide_dma_cb() function in the QEMU hardware emulation software is related to synchronization errors when processing the DRQ_STAT parameter. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data, or cause a service failure...

CVSS 6.4 · AI score 6.6 · EPSS 0.00231
Exploits 0 · References 12 · Affected Software 6

Broadcom
added 2023/08/01 12:0 a.m. · 37 views

Information disclosure in Linux kernels through 3.1

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...

CVSS 5.5 · AI score 5.3 · EPSS 0.00475
Exploits 1 · Affected Software 1

RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: netfilter: conntrack: fix using __this_cpu_add in preemptible

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix using __this_cpu_add in preemptible. Currently in nf_conntrack_hash_check_insert(), when it fails in nf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the preemptible context, a call trace can be triggered: BUG:...

CVSS 5.5 · AI score 6.2 · EPSS 0.00203
Exploits 0 · References 5

RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: afs: Fix dynamic root getattr

In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr. The recent patch to make afs_getattr() consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oop...

CVSS 5.5 · AI score 6.3 · EPSS 0.00283
Exploits 0 · References 5