6039 matches found
CVE-2023-52705 nilfs2: fix underflow in second superblock position calculations
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix underflow in second superblock position calculations Macro NILFSSB2OFFSETBYTES, which computes the position of the second superblock, underflows when the argument device size is less than 4096 bytes. Therefore, when...
UBUNTU-CVE-2021-47427
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsitask use after free Commit d39df158518c "scsi: iscsi: Have abort handler get ref to conn" added iscsigetconn/iscsiputconn calls during abort handling but then also changed the handling of the case where we...
CVE-2021-47341
CVE-2021-47341 concerns the Linux kernel KVM mmio path, where a use-after-free flaw in kvm_vm_ioctl_unregister_coalesced_mmio could enable a flawed memory read (8 bytes) via a read access after the object is freed. The issue is in the ARM64 KVM coalesced_mmio code path and Trace shows a use-after...
CVE-2021-47309
CVE-2021-47309 affects the Linux kernel's net/tunnel code: skb_tunnel_info() may return a pointer to lwtstate->data without validating its type, risking out-of-bounds reads such as during VXLAN routing. Connected advisories (SUSE-SU-2024:2561-1 and related OSV/Nessus entries) confirm the fix i...
CVE-2021-47309
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate-data before returning from skbtunnelinfo skbtunnelinfo returns pointer of lwtstate-data as iptunnelinfo type without validation. lwtstate-data can have various types such as mplsiptunnelencap, etc and these...
CVE-2021-47299 xdp, net: Fix use-after-free in bpf_xdp_link_release
In the Linux kernel, the following vulnerability has been resolved: xdp, net: Fix use-after-free in bpfxdplinkrelease The problem occurs between devgetbyindex and devxdpattachlink. At this point, devxdpuninstall is called. Then xdp link will not be detached automatically when dev is released. But...
Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users
A new attack campaign dubbed CLOUDREVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUDREVERSER inherently involves command-and-control-like activities by using Google...
SUSE CVE-2024-35988
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASKSIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASKSIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access...
PT-2024-11234 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when the XRSTOR instruction fails with a PF exception but still modifies the register state, which is considered architecturally valid by both Intel and AMD. This migh...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which can be exploited by an attacker to cause a portion of the FPU state that the fpurestoresig function attempts to load ...
CVE-2024-35997
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2CHIDREADPENDING flag to prevent lock-up The flag I2CHIDREADPENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantl...
CVE-2024-35991
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue drainworkqueue cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queuework while drainworkqueue...
DEBIAN-CVE-2024-35988
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASKSIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASKSIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access...
CVE-2024-35991
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue drainworkqueue cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queuework while drainworkqueue...
UBUNTU-CVE-2024-35988
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASKSIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASKSIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access...
CVE-2024-35991
CVE-2024-35991: In the Linux kernel, idxd dmaengine code changed from a spinlock-protected event log workqueue to a mutex-protected approach to safely call drain_workqueue(). The root cause was calling drain_workqueue() while holding a spinlock, risking a Call Trace due to possible task reschedul...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of more than 4G of RAM, where the current definition of TASKSIZE is incorrect, leading to...
CVE-2024-23583
An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems...
CVE-2024-23583
An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems...
CVE-2024-23583
CVE-2024-23583 affects HCL BigFix Platform, specifically the Windows Client Deploy Tool, with root cause described as insufficiently protected credentials. The vulnerability could allow an attacker to intercept credentials via Task Manager and gain unauthorized access to the Client Deploy Tool on...