EUVD-2022-54592
Malicious code in bioql PyPI...
CVE-2022-49640
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch...
CVE-2022-49641
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch change...
CVE-2022-49640 sysctl: Fix data races in proc_douintvec_minmax().
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch...
CVE-2022-49641 sysctl: Fix data races in proc_douintvec().
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch change...
CVE-2022-49641
CVE-2022-49641 concerns the Linux kernel sysctl path, where data races in proc_douintvec() could occur due to concurrent access. The fix switches internal access to READ_ONCE() and WRITE_ONCE(), reducing load/store tearing in readers/writers. The patch notes indicate proc_douintvec() is currently...
CVE-2022-49634
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch...
CVE-2022-49634 sysctl: Fix data-races in proc_dou8vec_minmax().
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch...
CVE-2022-49634
CVE-2022-49634: In the Linux kernel, there are data-races in sysctl access to proc_dou8vec_minmax() due to concurrent readers/writers. The fix changes proc_dou8vec_minmax() to use internal READ_ONCE() and WRITE_ONCE() to mitigate races on the sysctl side. The patch notes indicate the function it...
CVE-2022-49587
The CVE-2022-49587 entry concerns a data-race in the Linux kernel related to reading sysctl_tcp_notsent_lowat, which could be modified concurrently. The fix is to add READ_ONCE() to the reader, addressing a sysctl data-race in the TCP stack. The vulnerability is rated with CVSS v3.1 metrics indic...
CVE-2022-49573 tcp: Fix a data-race around sysctl_tcp_early_retrans.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from data contention in the cipso sysctl variable...
iOS / macOS 10.13.6 - if_ports_used_update_wakeuuid() 16-byte Uninitialized Kernel Stack Disclosure
/ macOS 10.13.4 introduced the file bsd/net/if_ports_used.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey() to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the code of the latter function: extern "C" bool IOPMCopySleepWakeUUIDKey(char *buffer, size_t...
SuSE 10 Security Update : the Linux Kernel (x86_64) (ZYPP Patch Number 6730)
This update fixes several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was world-writable, allowing local users to cause a denial of service or potential code...