CVE-2024-49988

The CVE-2024-49988 issue affects the Linux kernel component ksmbd, specifically the ksmbd_conn structure. The related description states that oplock break requests use opinfo->conn, and that freeing of ->conn could be used on multichannel, so the patch adds a reference count to ksmbd_conn t...

CVE-2024-49988 ksmbd: add refcnt to ksmbd_conn struct

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbdconn struct When sending an oplock break request, opinfo-conn is used, But freed -conn can be used on multichannel. This patch add a reference count to the ksmbdconn struct so that it can be freed when i...

CVE-2024-49988 ksmbd: add refcnt to ksmbd_conn struct

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbdconn struct When sending an oplock break request, opinfo-conn is used, But freed -conn can be used on multichannel. This patch add a reference count to the ksmbdconn struct so that it can be freed when i...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.336.5.1 - vhost/scsi: null-ptr-dereference in vhostscsigetreq Haoran Zhang Orabug: 37138988 5.4.17-2136.336.5 - uek-rpm: Add skxedaccommon.ko to nanomodules Sherry Yang Orabug: 37030127 - EDAC, i10nm: make skxcommon.o a separate module Arnd Bergmann Orabug: 37030127 - uek-rpm:...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2519)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : bpf, skmsg: Fix NULL pointer dereference in skpsockskbingressenqueueCVE-2024-36938 bpf, sockmap: Prevent lock inversion deadlock in map delete...

CVE-2024-46863 ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

CVE-2024-46862

CVE-2024-46862 pertains to the Linux kernel ASoC path for Intel soc-acpi-intel-mtl). The issue involved missing handling for an empty item in the snd_soc_acpi_link_adr array; the code tested !link->num_adr as a loop-ending condition, requiring an empty item in the array to terminate correctly....

CVE-2024-46862 ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

CVE-2024-46851 drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10setdrr and dcstatedestruct dcstatedestruct nulls the resource context of the DC state. The pipe context passed to dcn10setdrr is a member of this resource context. If dcstatedestruct is...

CVE-2024-46850 drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35setdrr and dcstatedestruct dcstatedestruct nulls the resource context of the DC state. The pipe context passed to dcn35setdrr is a member of this resource context. If dcstatedestruct is...

CVE-2024-46832 MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed

In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call getc0compareint if timer irq is installed This avoids warning: 0.118053 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by getc0compareint on secondary CPU. We al...

kernel: sched/deadline: Fix task_struct reference leak

A vulnerability was found in the Linux kernel's deadline scheduler in the enqueuetaskdl function, where the reference count is improperly decremented in certain situations, potentially causing a memory leak. This issue can lead to memory exhaustion over time...

mozilla: WASM type confusion involving ArrayTypes

The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...

mozilla: WASM type confusion involving ArrayTypes

The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...

mozilla: WASM type confusion involving ArrayTypes

The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...

mozilla: WASM type confusion involving ArrayTypes

The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...

CVE-2024-46763

CVE-2024-46763 (Linux kernel) involves a NULL pointer dereference in fou_gro_receive() during host shutdown. The NULL pointer is sk->sk_user_data (offset 8 in struct fou), which may be NULL when udp_tunnel_sock_release() clears sk_user_data and the tunnel socket is destroyed after an RCU grace...

mozilla: WASM type confusion involving ArrayTypes

The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...

mozilla: WASM type confusion involving ArrayTypes

The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...

mozilla: WASM type confusion involving ArrayTypes

The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...