CVE-2024-27417

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6rtmgetaddr It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr returns -EINVAL with an elevated "struct net...

CVE-2024-27417

CVE-2024-27417 affects the Linux kernel IPv6 path inet6_rtm_getaddr, where if userspace provides a correct IFA_TARGET_NETNSID but omits IFA_ADDRESS and IFA_LOCAL, the function could return -EINVAL while leaking an elevated net namespace reference. The issue is described as a potential 4net leak...

CVE-2024-27417 ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6rtmgetaddr It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr returns -EINVAL with an elevated "struct net...

CVE-2024-27417 ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6rtmgetaddr It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr returns -EINVAL with an elevated "struct net...

PT-2024-6188

Name of the Vulnerable Software and Affected Versions HDF5 Library versions prior to 1.14.4 Description The issue is related to a heap-based buffer overflow in the H5T conv struct opt function in the H5Tconv.c file of the HDF5 Library. This could potentially allow a remote attacker to impact the...

CVE-2024-27392

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-26999

In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmaczilog as ...

CVE-2024-27392

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-27392

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-27392 nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-27392

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-27392

The CVE-2024-27392 entry concerns the Linux kernel nvme subsystem. A double-free occurred in ns_update_nuse() where kfree() ran after nvme_identify_ns() failed, freeing nvme_id_ns twice and triggering KASAN. The root cause is freeing the struct after identify_ns failure; the fix is to skip kfree(...

CVE-2024-27067 xen/evtchn: avoid WARN() when unbinding an event channel

In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN when unbinding an event channel When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIGDEBUGSHIRQ. This might cause a WARN in the handle...

CVE-2024-27067

The CVE-2024-27067 issue is in the Linux kernel (xen/evtchn) where unbinding a user event channel could cause a WARN() in the handler if the kernel is built with CONFIG_DEBUG_SHIRQ. The fix adds an "unbinding" flag to struct user_event to short-circuit the handler, preventing the WARN() when unbi...

CVE-2024-27063 leds: trigger: netdev: Fix kernel panic on interface rename trig notify

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 "leds: trigger: netdev: add additional specific link speed mode" in the various changes, reworked the way to set the LINKUP mode in commi...

CVE-2024-27006 thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Add missing count increment to thermaldebugtztripup The count field in struct tripstats, representing the number of times the zone temperature was above the trip point, needs to be incremented in...

CVE-2024-27006 thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Add missing count increment to thermaldebugtztripup The count field in struct tripstats, representing the number of times the zone temperature was above the trip point, needs to be incremented in...

CVE-2024-27004 clk: Get runtime PM before walking tree during disable_unused

In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disableunused Doug reported 1 the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 1 "echo 0...

CVE-2024-26957 s390/zcrypt: fix reference counting on zcrypt card objects

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debug kernel build revealed an use after free for the load field of the struct zcryptcard. The reason was an...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a security flaw in the count field in struct tripstats...