Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52778: mptcp: deal with large GSO size bsc1224948. CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision...

NodeMCU 安全漏洞

NodeMCU is a Lua-based open source firmware from NodeMCU Open Source. A security vulnerability exists in NodeMCU version v3.0.0-release20240225, which stems from the getnum function in /modules/struct.c containing an integer overflow...

PT-2024-27115 · Nodemcu · Nodemcu

Name of the Vulnerable Software and Affected Versions: nodemcu versions prior to 3.0.0-release 20240225 Description: The issue is related to an integer overflow in the getnum function located at /modules/struct.c. This overflow can be exploited, potentially leading to unintended behavior. No...

kernel: nbd: always initialize struct msghdr completely

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

CVE-2024-50241

In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4copy earlier Ensure the refcount and asynccopies fields are initialized early. cleanupasynccopy will reference these fields if an error occurs in nfsd4copy. If they are not correctly initialized, at t...

CVE-2024-50078

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call isoexit on module unload If isoinit has been called, isoexit must be called on module unload. Without that, the struct proto that isoinit registered with protoregister becomes invalid, which could cause...

CVE-2024-50078

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call isoexit on module unload If isoinit has been called, isoexit must be called on module unload. Without that, the struct proto that isoinit registered with protoregister becomes invalid, which could cause...

CVE-2024-50078

CVE-2024-50078 affects the Linux kernel Bluetooth ISO path. If iso_init() has been called, iso_exit() must be invoked on module unload; failing to do so makes the proto registered with proto_register() invalid, which can lead to list corruption and a kernel BUG (example: list_add corruption and a...

CVE-2022-49014

CVE-2022-49014 affects the Linux kernel net/tun subsystem. A use-after-free occurs in tun_detach() when sock_put() drops the last reference to struct net before net notifier code (notifier_call_chain/netdev_state_change) has finished accessing it. The patch fixes this by calling sock_put() from t...

CVE-2022-49014 net: tun: Fix use-after-free in tun_detach()

In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tundetach syzbot reported use-after-free in tundetach 1. This causes call trace like below: ================================================================== BUG: KASAN: use-after-free in...

CVE-2022-49014 net: tun: Fix use-after-free in tun_detach()

In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tundetach syzbot reported use-after-free in tundetach 1. This causes call trace like below: ================================================================== BUG: KASAN: use-after-free in...

CVE-2022-48952 PCI: mt7621: Add sentinel to quirks table

In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Add sentinel to quirks table Current driver is missing a sentinel in the struct socdeviceattribute array, which causes an oops when assessed by the socdevicematchmt7621pciequirksmatch call. This was only exposed once...

CVE-2024-50037 drm/fbdev-dma: Only cleanup deferred I/O if necessary

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Only cleanup deferred I/O if necessary Commit 5a498d4d06d6 "drm/fbdev-dma: Only install deferred I/O if necessary" initializes deferred I/O only if it is used. drmfbdevdmafbdestroy however calls fbdeferrediocleanup...

CVE-2024-50008

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexcmd80211scanext Replace one-element array with a flexible-array member in struct hostcmdds80211scanext. With this, fix the following warning: elo 16 17:51:58...

UBUNTU-CVE-2024-50008

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexcmd80211scanext Replace one-element array with a flexible-array member in struct hostcmdds80211scanext. With this, fix the following warning: elo 16 17:51:58...

CVE-2024-50011

CVE-2024-50011 is a Linux kernel vulnerability describing an ASoC: Intel soc-acpi-intel-rpl-match issue where an empty item is required in struct snd_soc_acpi_link_adr[]. The root cause is the absence of a links_num and the test !link->num_adr to end the loop in hda_sdw_machine_select(), which...

CVE-2024-50008 wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexcmd80211scanext Replace one-element array with a flexible-array member in struct hostcmdds80211scanext. With this, fix the following warning: elo 16 17:51:58...

CVE-2024-50008 wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexcmd80211scanext Replace one-element array with a flexible-array member in struct hostcmdds80211scanext. With this, fix the following warning: elo 16 17:51:58...

AZL-53022 CVE-2024-49925 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UAF race during...

CVE-2024-50002 static_call: Handle module init failure correctly in static_call_del_module()

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...