6038 matches found
CVE-2022-49033
CVE-2022-49033 affects the Linux kernel’s btrfs qgroup code, where a sleep was performed in an invalid context during qgroup inheritance. The advisory and connected documents describe the fix as: call qgroup_dirty() on the destination qgroup and update the limit item in btrfs_run_qgroups() later,...
CVE-2022-49018 mptcp: fix sleep in atomic at close time
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sleep in atomic at close time Matt reported a splat at msk close time: BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877 inatomic: 1, irqsdisabled: 0, nonblock: 0, pid: 155, name:...
CVE-2022-48983 io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
In the Linux kernel, the following vulnerability has been resolved: iouring: Fix a null-ptr-deref in iotctxexitcb Syzkaller reports a NULL deref bug as follows: BUG: KASAN: null-ptr-deref in iotctxexitcb+0x53/0xd3 Read of size 4 at addr 0000000000000138 by task file1/1955 CPU: 1 PID: 1955 Comm:...
CVE-2022-48983 io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
In the Linux kernel, the following vulnerability has been resolved: iouring: Fix a null-ptr-deref in iotctxexitcb Syzkaller reports a NULL deref bug as follows: BUG: KASAN: null-ptr-deref in iotctxexitcb+0x53/0xd3 Read of size 4 at addr 0000000000000138 by task file1/1955 CPU: 1 PID: 1955 Comm:...
CVE-2022-48956 ipv6: avoid use-after-free in ip6_fragment()
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6fragment Blamed commit claimed rcureadlock was held by ip6fragment callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use-after-free in ip6dstidev...
CVE-2022-48954 s390/qeth: fix use-after-free in hsci
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix use-after-free in hsci KASAN found that addr was dereferenced after br2deveventwork was freed. ================================================================== BUG: KASAN: use-after-free in...
CVE-2024-50042
Technical details for CVE-2024-50042 are not publicly available in the provided documents. The connected advisories list kernel issues but do not disclose the affected product/version, root cause, impact, or a concrete fix for this CVE. Monitor for updates.
AZL-51165 CVE-2024-49863 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhostscsigetreq Since commit 3f8ca2e115e5 "vhost/scsi: Extract common handling code from control queue handler" a null pointer dereference bug can be triggered when guest sends an SCSI AN...
CVE-2024-49953 net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling xfrmstatedelete twice The km.state is not checked in driver's delayed work. When xfrmstatecheckexpire is called, the state can be reset to XFRMSTATEEXPIRED, even if it is XFRMSTATEDEAD...
CVE-2024-49884 ext4: fix slab-use-after-free in ext4_split_extent_at()
In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4splitextentat We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4splitextentat+0xba8/0xcc0 Read of...
CVE-2024-47736
In the Linux kernel, the following vulnerability has been resolved: erofs: handle overlapped pclusters out of crafted images properly syzbot reported a task hang issue due to a deadlock case where it is waiting for the folio lock of a cached folio that will be used for cache I/Os. After looking...
DEBIAN-CVE-2024-47736
In the Linux kernel, the following vulnerability has been resolved: erofs: handle overlapped pclusters out of crafted images properly syzbot reported a task hang issue due to a deadlock case where it is waiting for the folio lock of a cached folio that will be used for cache I/Os. After looking...
CVE-2024-47707 ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6uncachedlistflushdev Blamed commit accidentally removed a check for rt-rt6iidev being NULL, as spotted by syzbot: Oops: general protection fault, probably for non-canonical address...
CVE-2024-47701 ext4: avoid OOB when system.data xattr changes underneath the filesystem
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if evalueoffs is changed underneath the filesystem by some change in the block device, it will lead to...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a potential post-release reuse issue in the fbdev component pxafb in pxafbtask...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible post-release reuse error in the perfpendingtask function if the perfpendingtask function runs aft...
The vulnerability of the Passwork password manager lies in the improper implementation of the sequence of actions required for processing tasks. This allows attackers to compromise the integrity of the protected information.
The vulnerability of the Passwork password manager is related to the incorrect implementation of the sequence of actions performed. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the protected information...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-43856)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43856 advisory. - In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmamfreecoherent...
Fortra Robot Schedule Enterprise Agent 安全漏洞
Fortra Robot Schedule Enterprise Agent is a component of Fortra's Enterprise Task Scheduler software. A security vulnerability exists in Fortra Robot Schedule Enterprise Agent versions prior to 3.05 that stems from FTP username and password information being written to the agent log file when...
October 8, 2024—KB5044281 (OS Build 20348.2762)
October 8, 2024—KB5044281 OS Build 20348.2762 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when...