DEBIAN-CVE-2024-53173

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfsreleaseseqid in...

AZL-55623 CVE-2024-53173 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfsreleaseseqid in...

CVE-2024-53166

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-lock, however bfqlimitdepth is deferencing bfqq from bic without the lock, this can lead to UAF if t...

CVE-2024-53227 scsi: bfa: Fix use-after-free in bfad_im_module_exit()

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfadimmoduleexit BUG: KASAN: slab-use-after-free in lockacquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: dumpstacklvl+0x95/0xe0 printreport+0xcb/0x6...

CVE-2024-53207

CVE-2024-53207 affects the Linux kernel Bluetooth subsystem (MGMT) and fixes a potential deadlock caused by hci_cmd_sync_dequeue, which could lead to hung tasks (e.g., kworker stuck at high load). The connected unpatched document provides an example traceback showing a deadlock scenario but does ...

CVE-2024-53190 wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Syzkaller reported a hung task with ueventshow on stack trace. That specific issue was addressed by another commit 0, but even with that fix applied...

CVE-2024-53173 NFSv4.0: Fix a use-after-free problem in the asynchronous open()

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfsreleaseseqid in...

CVE-2024-53173

CVE-2024-53173 — Linux kernel NFSv4.0 use-after-free fix . The vulnerability arises when two threads open files concurrently and abort before a reply is seen, leading to use-after-free of the defunct rpc task pointer due to nfs_release_seqid() in nfs4_opendata_free(). The patch ensures that if th...

CVE-2024-53166 block, bfq: fix bfqq uaf in bfq_limit_depth()

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-lock, however bfqlimitdepth is deferencing bfqq from bic without the lock, this can lead to UAF if t...

PT-2024-35654 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-2024-03-19-intel-next-iLS-24ww14 Description: The issue is related to possible deadlocks in the Bluetooth management MGMT component of the Linux kernel, caused by the hci cmd sync dequeue function. This ca...

WordPress WP Project Manager plugin <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability

Authenticated Subscriber+ Sensitive Information Exposure via Project Task List REST API vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin WP Project Manager versions = 2.6.15...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52778: mptcp: deal with large GSO size bsc1224948. CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision...

[SECURITY] Fedora 41 Update: golang-github-task-3.40.1-1.fc41

A task runner / simpler Make alternative written in Go...

CVE-2024-10548

CVE-2024-10548 affects the WordPress plugin WP Project Manager (Task, team, and project management) and is due to a Sensitive Information Exposure vulnerability in the REST endpoint "/wp-json/pm/v2/projects/1/task-lists". The issue is exploitable by authenticated users with Subscriber+ privileges...

CVE-2024-10548 WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-10548 WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...

kernel: sched/numa: Fix the potential null pointer dereference in task_numa_work()

In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in tasknumawork When running stress-ng-vm-segv test, we found a null pointer dereference error in tasknumawork. Here is the backtrace: 323676.066985 Unable to handle kernel...

CVE-2024-12665

A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-12665

CVE-2024-12665 affects ruifang-tech Rebuild 3.8.5; the issue is a cross-site scripting vulnerability in an unknown function of the Task Comment Attachment Upload component. The manipulation enables remote execution of XSS and can be exploited remotely; the exploit has been disclosed publicly. The...

CVE-2024-12664 ruifang-tech Rebuild Project Task Comment cross site scripting

A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...