SUSE CVE-2023-52836

In the Linux kernel, the following vulnerability has been resolved: locking/wwmutex/test: Fix potential workqueue corruption In some cases running with the test-wwmutex code, I was seeing odd behavior where sometimes it seemed flushworkqueue was returning before all the work threads were finished...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Intel Microcode vulnerabilities (USN-6797-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6797-1 advisory. It was discovered that some 3rd and 4th Generation Intel Xeon Processors did not properly restric...

CVE-2023-52706

In the Linux kernel, the following vulnerability has been resolved: gpio: sim: fix a memory leak Fix an inverted logic bug in gpiosimremovehogs that leads to GPIO hog structures never being freed...

DEBIAN-CVE-2023-52836

In the Linux kernel, the following vulnerability has been resolved: locking/wwmutex/test: Fix potential workqueue corruption In some cases running with the test-wwmutex code, I was seeing odd behavior where sometimes it seemed flushworkqueue was returning before all the work threads were finished...

DEBIAN-CVE-2023-52818

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays...

DEBIAN-CVE-2023-52819

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays...

UBUNTU-CVE-2023-52706

In the Linux kernel, the following vulnerability has been resolved: gpio: sim: fix a memory leak Fix an inverted logic bug in gpiosimremovehogs that leads to GPIO hog structures never being freed...

CVE-2024-4435

When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". It was discovered recently that when we deallocate a node, in some cases only the first memory chunk is deallocated, and the rest of the memory chunks remain incorrectly allocated, causing a...

CVE-2024-4435 BTreeMap memory leak when deallocating nodes with overflows

When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". It was discovered recently that when we deallocate a node, in some cases only the first memory chunk is deallocated, and the rest of the memory chunks remain incorrectly allocated, causing a...

Stable Structures 安全漏洞

Stable Structures is a collection of data structures open-sourced by DFINITY. A security vulnerability exists in Stable Structures versions prior to 0.6.0, which stems from a memory issue in BTreeMap when releasing an overflow node, which could lead to using too much memory or even running out of...

RUSTSEC-2024-0406 BTreeMap memory leak when deallocating nodes with overflows

When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". In some cases, when we deallocate a node only the first memory chunk is deallocated, and the rest of the memory chunks remain incorrectly allocated, causing a memory leak. In the worst case,...

BTreeMap memory leak when deallocating nodes with overflows

When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". In some cases, when we deallocate a node only the first memory chunk is deallocated, and the rest of the memory chunks remain incorrectly allocated, causing a memory leak. In the worst case,...

PT-2024-31137 · Unknown · Stable-Structures

Name of the Vulnerable Software and Affected Versions: stable-structures versions prior to 0.6.4 Description: When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". It was discovered that when a node is deallocated, in some cases only the first memo...

io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

CVE-2024-27075

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame...

CVE-2024-27075

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a security flaw in the PDO count in pdset...

CVE-2024-26897

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: delay all of ath9kwmieventtasklet until init is complete The ath9kwmieventtasklet used in ath9khtc assumes that all the data structures have been fully initialised by the time it runs. However, because of the order i...

CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...

CVE-2024-26784 pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal

In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: Fix NULL dereference on scmiperfdomain removal On unloading of the scmiperfdomain module got the below splat, when in the DT provided to the system under test the 'power-domain-cells' property was missing. Indeed,...