4643 matches found

Cvelist
added 2024/12/29 8:48 a.m., 13 views

CVE-2024-56710 ceph: fix memory leak in ceph_direct_read_write()

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leaked and pages remain pinned if ceph_alloc_sparse_ext_map() fails. There is no need to delay the allocation of sparse_ext map unti...

0.00243 EPSS
Exploits 0, References 3
SUSE CVE
added 2024/12/28 3:50 a.m., 2 views

SUSE CVE-2024-53208

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0...

7.8 CVSS, 7.7 AI score, 0.00222 EPSS
Exploits 0, References 39
OSV
added 2024/12/27 3:15 p.m., 1 views

DEBIAN-CVE-2024-56591

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Use disable_delayed_work_sync This makes use of disable_delayed_work_sync instead of cancel_delayed_work_sync as it not only cancels the ongoing work but also disables new submit which is desirable since the object holding...

5.5 CVSS, 5.6 AI score, 0.00185 EPSS
Exploits 0, References 1
Cvelist
added 2024/12/27 2:50 p.m., 12 views

CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Use disable_delayed_work_sync This makes use of disable_delayed_work_sync instead of cancel_delayed_work_sync as it not only cancels the ongoing work but also disables new submit which is desirable since the object holding...

0.00185 EPSS
Exploits 0, References 2
OSV
added 2024/12/27 2:15 p.m., 12 views

AZL-55788 CVE-2024-53203 affecting package kernel for versions less than 5.15.184.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array...

7.8 CVSS, 6.6 AI score, 0.0024 EPSS
Exploits 0, References 1
OSV
added 2024/12/27 2:15 p.m., 1 views

DEBIAN-CVE-2024-53207

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G ...

5.5 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits 0, References 1
OSV
added 2024/12/27 2:15 p.m., 2 views

DEBIAN-CVE-2024-53208

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0...

7.8 CVSS, 6 AI score, 0.00222 EPSS
Exploits 0, References 1
OSV
added 2024/12/27 2:15 p.m., 8 views

AZL-55733 CVE-2024-53203 affecting package kernel for versions less than 6.6.90.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array...

7.8 CVSS, 6.6 AI score, 0.0024 EPSS
Exploits 0, References 1
OSV
added 2024/12/27 2:15 p.m., 2 views

UBUNTU-CVE-2024-53203

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array...

7.8 CVSS, 6.3 AI score, 0.0024 EPSS
Exploits 0, References 28
OSV
added 2024/12/27 2:15 p.m., 2 views

UBUNTU-CVE-2024-53208

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0...

7.8 CVSS, 6.5 AI score, 0.00222 EPSS
Exploits 0, References 20
OSV
added 2024/12/27 2:15 p.m., 1 views

UBUNTU-CVE-2024-53182

In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref into bfq_put_cooperator" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannot be put into bfq_put_cooperator...

7.8 CVSS, 6.5 AI score, 0.00219 EPSS
Exploits 0, References 5
CVE
added 2024/12/27 1:49 p.m., 168 views

CVE-2024-53208

CVE-2024-53208 is a slab-use-after-free in Bluetooth MGMT set_powered_sync in the Linux kernel. Noise in the Miracle/SUSE advisories confirms the issue and lists it among fixed items in kernel live patches for SLES SLE 15 SPx. Remediation: upgrade/apply the kernel live patch referenced in SUSE/SO...

7.8 CVSS, 6.5 AI score, 0.00222 EPSS
Exploits 0, References 6, Affected Software 1
Cvelist
added 2024/12/27 1:49 p.m., 15 views

CVE-2024-53207 Bluetooth: MGMT: Fix possible deadlocks

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G ...

0.00164 EPSS
Exploits 0, References 5
CNNVD
added 2024/12/27 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a reuse-after-release read in the set_powered_sync function in the Bluetooth:MGMT module...

7.8 CVSS, 7.5 AI score, 0.00278 EPSS
Exploits 0, References 4
CNNVD
added 2024/12/27 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a post-release reuse vulnerability contained in the set_powered_sync function in the Bluetooth:MGMT module...

7.8 CVSS, 6.7 AI score, 0.00222 EPSS
Exploits 0, References 5
NVD
added 2024/12/16 3:15 p.m., 8 views

CVE-2024-54422

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tgw365 Evernote Sync evernote-sync allows Reflected XSS. This issue affects Evernote Sync: from n/a through <= 3.0.0...

7.1 CVSS, 0.0041 EPSS
Exploits 0, References 1
CVE
added 2024/12/16 2:31 p.m., 38 views

CVE-2024-54422

CVE-2024-54422 is a Reflected XSS in Evernote Sync. The vulnerability occurs due to improper neutralization of input during web page generation, allowing an attacker to reflect malicious scripts. Affected software is Evernote Sync (from n/a up to version 3.0.0). The CVSS score in the source is 3....

7.1 CVSS, 7.2 AI score, 0.0041 EPSS
Exploits 0, References 1
Cvelist
added 2024/12/16 2:31 p.m., 17 views

CVE-2024-54422 WordPress Evernote Sync plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tgw365 Evernote Sync evernote-sync allows Reflected XSS. This issue affects Evernote Sync: from n/a through <= 3.0.0...

7.1 CVSS, 0.0041 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/12/16 2:31 p.m., 6 views

CVE-2024-54422 WordPress Evernote Sync plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gaowei Tang Evernote Sync allows Reflected XSS. This issue affects Evernote Sync: from n/a through 3.0.0...

7.1 CVSS, 7 AI score, 0.0041 EPSS
Exploits 0, References 1
CNNVD
added 2024/12/16 12:0 a.m., 3 views

WordPress plugin Evernote Sync cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

7.1 CVSS, 8.1 AI score, 0.0041 EPSS
Exploits 0, References 1