CVE-2021-47209

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfsrq's Kevin is reporting crashes which point to a use-after-free of a cfsrq in updateblockedaverages. Initial debugging revealed that we've live cfsrq's onlist=1 in an about t...

CVE-2021-47209

The CVE-2021-47209 issue affects the Linux kernel’s scheduler, specifically sched/fair with the cfs_rq handling. A use-after-free of a cfs_rq occurs when a dying task group is unlinked or partially unlinked while a concurrent timer/race (tg_unthrottle_up via sched_cfs_period_timer) can re-add cfs...

Hands-on Review: Cynomi AI-powered vCISO Platform

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcin...

SUSE CVE-2024-26686

In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: use sig-statslock to gather the threads/children stats locktasksighand can trigger a hard lockup. If NRCPUS threads call dotaskstat at the same time and the process has NRTHREADS, it will spin with irqs...

CVE-2023-52359

Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability...

Open-Xchange App Suite 跨站脚本漏洞

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that stems from an embedded content reference in a task that can be used to temporarily execute script code in the context of a user's...

The vulnerability of the Apache Aurora task scheduling framework, related to information disclosure, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Apache Aurora task scheduler framework is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

XXL-JOB 注入漏洞

XXL-JOB is a distributed task scheduling platform based on the java language from the Xu Xueli XXL-JOB community. XXL-JOB 2.4.1 and earlier versions exist injection vulnerability, the vulnerability stems from the file com/xxl/job/core/util/JdkSerializeTool.java has a template injection...

CVE-2024-26780

A flaw was found in the Linux kernel's afunix subsystem where tasks could hang while purging out-of-bounds sockets during garbage collection. This issue could potentially lead to system instability. Mitigation Mitigation for this issue is either not available or the currently available options do...

CVE-2024-26782

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inetopt' for the new socket has the same value as the original one: as a...

CVE-2024-26750

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop oobskb ref before purging queue in GC. syzbot reported another task hung in unixgc. 0 The current while loop assumes that all of the left candidates have oobskb and calling kfreeskboobskb releases the remaining...

UBUNTU-CVE-2024-26780

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...

CVE-2024-26783

In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeupkswapd with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been...

CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...

CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...

CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...

CVE-2024-26780

CVE-2024-26780 | Linux kernel (af_unix) — The vulnerability centers on a task hang during purging oob_skb in GC. The root cause is that list_for_each_entry_safe() is not actually safe when a single skb has references from multiple sockets; freeing such an skb can unlink current and next sockets i...

CVE-2024-26780

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...

CVE-2024-26750 af_unix: Drop oob_skb ref before purging queue in GC.

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop oobskb ref before purging queue in GC. syzbot reported another task hung in unixgc. 0 The current while loop assumes that all of the left candidates have oobskb and calling kfreeskboobskb releases the remaining...

CVE-2024-26750

CVE-2024-26750 affects the Linux kernel. The vulnerability was in af_unix garbage collection: a self-referencing oob_skb/FD scenario could cause __unix_gc() to hang due to a loop that fails to purge inflight sockets. The fix drops the oob_skb reference before purging the queue, allowing __skb_que...