Lucene search
K

101 matches found

OSV
OSV
added 2024/08/26 11:15 a.m.5 views

AZL-48635 CVE-2024-44931 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...

5.5CVSS6.7AI score0.00248EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/08/26 11:15 a.m.23 views

CVE-2024-44931

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...

5.5CVSS6.4AI score0.00248EPSS
Exploits0References34
OSV
OSV
added 2024/08/26 10:11 a.m.24 views

CVE-2024-44931 gpio: prevent potential speculation leaks in gpio_device_get_desc()

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...

5.5CVSS6.3AI score0.00248EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2024/08/26 10:11 a.m.12 views

CVE-2024-44931 gpio: prevent potential speculation leaks in gpio_device_get_desc()

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...

7AI score0.00248EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/08/26 10:11 a.m.24 views

CVE-2024-44931

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...

5.5CVSS5.8AI score0.00248EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/07/31 9:17 a.m.22 views

CVE-2024-42090

A deadlock flaw was found in the Linux kernel’s pinctrl subsystem. This flaw allows a local user to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and...

4.7CVSS6AI score0.00189EPSS
Exploits0References4
NVD
NVD
added 2024/07/29 5:15 p.m.21 views

CVE-2024-42090

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...

5.5CVSS0.00189EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/07/29 4:26 p.m.12 views

CVE-2024-42090 pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...

6.7AI score0.00189EPSS
Exploits0References8
OSV
OSV
added 2024/07/29 4:26 p.m.15 views

CVE-2024-42090 pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...

5.5CVSS6.2AI score0.00189EPSS
Exploits0References13
CVE
CVE
added 2024/07/29 4:26 p.m.193 views

CVE-2024-42090

The CVE CVE-2024-42090 affects the Linux kernel pinctrl subsystem. Root cause: in create_pinctrl(), pinctrl_maps_mutex is held when add_setting() can return -EPROBE_DEFER, and the code then calls pinctrl_free(), which attempts to re-acquire pinctrl_maps_mutex, risking a deadlock. The patch fixes ...

5.5CVSS6.6AI score0.00189EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2024/07/29 4:26 p.m.53 views

CVE-2024-42090 pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl, pinctrlmapsmutex is acquired before calling addsetting. If addsetting returns -EPROBEDEFER, createpinctrl calls pinctrlfree. However, pinctrlfree...

0.00189EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2024/07/15 5:4 p.m.24 views

CVE-2024-39499

A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks. Mitigation Mitigation for this issue is either no...

4.1CVSS8.3AI score0.00298EPSS
Exploits0References4
NVD
NVD
added 2024/07/12 1:15 p.m.24 views

CVE-2024-39499

In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...

7.1CVSS0.00298EPSS
Exploits0References9
OSV
OSV
added 2024/07/12 12:20 p.m.33 views

CVE-2024-39499 vmci: prevent speculation leaks by sanitizing event in event_deliver()

In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...

7.1CVSS6.2AI score0.00298EPSS
Exploits0References12
CVE
CVE
added 2024/07/12 12:20 p.m.190 views

CVE-2024-39499

CVE-2024-39499 (Linux kernel, vmci): The vulnerability allows speculative leaks via event_deliver() because user-controlled event_msg->event_data.event was used as an index without sanitization. The fix sanitizes the index to mitigate speculative information leaks. The issue is exploitable loc...

7.1CVSS6.3AI score0.00298EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/12 12:20 p.m.19 views

CVE-2024-39499 vmci: prevent speculation leaks by sanitizing event in event_deliver()

In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...

6.5AI score0.00298EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/07/12 12:20 p.m.15 views

CVE-2024-39499

In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...

7.1CVSS5.5AI score0.00298EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/07/11 3:19 p.m.103 views

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 CVSS score: 9.3, the vulnerability has been described as a case of missing authentication in its...

9.8CVSS9.3AI score0.91783EPSS
Exploits11
RedhatCVE
RedhatCVE
added 2024/06/21 7:20 p.m.17 views

CVE-2024-33619

In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtimemap when allocated priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...

4.4CVSS7AI score0.00239EPSS
Exploits0References4
NVD
NVD
added 2024/06/21 11:15 a.m.28 views

CVE-2024-33619

In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtimemap when allocated priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...

5.5CVSS0.00239EPSS
Exploits0References4
Rows per page
Query Builder