4642 matches found
CVE-2024-38780
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spinunlockirqrestore with spinunlockirq for both syncdebugfsshow and...
UBUNTU-CVE-2024-38780
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spinunlockirqrestore with spinunlockirq for both syncdebugfsshow and...
CVE-2024-38780 dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spinunlockirqrestore with spinunlockirq for both syncdebugfsshow and...
CVE-2024-38780 dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spinunlockirqrestore with spinunlockirq for both syncdebugfsshow and...
CVE-2024-38780 dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spinunlockirqrestore with spinunlockirq for both syncdebugfsshow and...
AZL-48939 CVE-2024-38630 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdttrigger When the cpu5wdt module is removing, the origin code uses deltimer to de-activate the timer. If the timer handler is running, deltimer could not stop it and wil...
DEBIAN-CVE-2024-38630
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdttrigger When the cpu5wdt module is removing, the origin code uses deltimer to de-activate the timer. If the timer handler is running, deltimer could not stop it and wil...
SUSE CVE-2021-47590
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in mptcppushpending mptcppushpending may call mptcpflushjoinlist with subflow socket lock held. If such call hits mptcpsockoptsyncall then subsequently mptcpsockoptsync could try to lock the subflow socket for...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from the dma-buf/sw-sync module enabling IRQ from syncprintobj...
CVE-2021-47590
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in mptcppushpending mptcppushpending may call mptcpflushjoinlist with subflow socket lock held. If such call hits mptcpsockoptsyncall then subsequently mptcpsockoptsync could try to lock the subflow socket for...
DEBIAN-CVE-2021-47590
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in mptcppushpending mptcppushpending may call mptcpflushjoinlist with subflow socket lock held. If such call hits mptcpsockoptsyncall then subsequently mptcpsockoptsync could try to lock the subflow socket for...
CVE-2021-47590
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in mptcppushpending mptcppushpending may call mptcpflushjoinlist with subflow socket lock held. If such call hits mptcpsockoptsyncall then subsequently mptcpsockoptsync could try to lock the subflow socket for...
UBUNTU-CVE-2021-47590
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in mptcppushpending mptcppushpending may call mptcpflushjoinlist with subflow socket lock held. If such call hits mptcpsockoptsyncall then subsequently mptcpsockoptsync could try to lock the subflow socket for...
CVE-2021-47590
CVE-2021-47590 affects the Linux kernel MPTCP path. The deadlock occurs when __mptcp_push_pending() calls mptcp_flush_join_list() while holding the subflow socket lock, enabling __mptcp_sockopt_sync() to lock the subflow socket. The fix uses __mptcp_flush_join_list() (not plain mptcp_flush_join_l...
The vulnerability of the hci_le_big_sync_established_evt() function in the Linux operating system’s Bluetooth kernel implementation allows a attacker to cause a service failure.
The vulnerability of the hcilebigsyncestablishedevt function in the net/bluetooth/hcievent.c module of the Linux operating system’s Bluetooth kernel implementation is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2023-52759
In the Linux kernel, the following vulnerability has been resolved: gfs2: ignore negated quota changes When lots of quota changes are made, there may be cases in which an inode's quota information is increased and then decreased, such as when blocks are added to a file, then deleted from it. If t...
ElasticPress < 5.1.2 - Data Sync via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the dosync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such...
ai.onehouse:lakeview (>=0.26.0 <=0.29.0), ai.onehouse:lakeview-sync-tool (>=0.26.0 <=0.29.0) +340 more potentially affected by CVE-2024-35255 via com.azure:azure-identity (>=1.0.0-preview.4 <=1.12.1)
com.azure:azure-identity MAVEN version =1.0.0-preview.4, =0.26.0, =0.26.0, =1.0.0, =1.0.0, =1.2.3, =1.0.0, =1.0.0, =1.0.0-beta.4, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.6.4.6, =0.6.4.6, =0.6.4.11 and more Source cves: CVE-2024-35255 Source advisory: OSV:GHSA-M5VV-6R4H-3VJ9...
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsofts June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This months release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Lets dive into the crucial insights from Microsofts Patch Tuesday...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...