4527 matches found

RedHat Linux
Added 2024/11/12 9:11 a.m. | Views: 1

kernel: thermal/debugfs: Fix two locking issues with thermal zone debug

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointe...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00143
Exploits: 0 | References: 5

RedHat Linux
Added 2024/11/12 9:11 a.m. | Views: 6

kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

A vulnerability was found in the do_task_stat function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00213
Exploits: 0 | References: 5

RedHat Linux
Added 2024/11/12 9:11 a.m. | Views: 4

kernel: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()

A hung task warning issue was found in the RCU scaling test module. When the holdoff parameter exceeds hung_task_timeout_secs, the kernel logs a hung task warning for the rcu_scale_writer kthread...

AI score: 5.7 | EPSS: 0.00168
Exploits: 0 | References: 5

RedHat Linux
Added 2024/11/12 9:11 a.m. | Views: 1

kernel: Linux kernel: Denial of Service due to improper thread termination in rcuscale module

A flaw was found in the Linux kernel. A local attacker can exploit this vulnerability by loading and then unloading the rcuscale module while a specific test case is active. This improper handling of thread termination can lead to a use-after-free condition, causing a kernel crash and resulting i...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00136
Exploits: 0 | References: 5

Microsoft CVE
Added 2024/11/12 8:0 a.m. | Views: 6

btrfs: wait for fixup workers before stopping cleaner kthread during umount

...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.0029
Exploits: 0

Microsoft CVE
Added 2024/11/09 8:0 a.m. | Views: 3

kthread: unpark only parked kthread

...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00235
Exploits: 0

Microsoft CVE
Added 2024/11/09 8:0 a.m. | Views: 7

f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()

...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00238
Exploits: 0

OSV
Added 2024/11/08 3:56 p.m. | Views: 8

RLSA-2024:8842 Moderate: python3.12-urllib3 security update

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.01141
Exploits: 1 | References: 2

OSV
Added 2024/11/07 10:15 a.m. | Views: 1

DEBIAN-CVE-2024-50146

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure. When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile-cleanup...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00231
Exploits: 0 | References: 1

BDU FSTEC
Added 2024/11/06 12:0 a.m. | Views: 3

The vulnerability of the dmub_callback and dmub_thread_offload functions in the Linux kernel allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the dmub_callback and dmub_thread_offload functions defined in the drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h header of the Linux kernel’s CPU is related to insufficient memory allocation, which leads to memory reading beyond the allocated buffer. Exploiting this...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.00215
Exploits: 0 | References: 15 | Affected Software: 6

OSV
Added 2024/11/05 6:15 p.m. | Views: 3

AZL-52494 CVE-2024-50121 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net. In the normal case, when we execute echo 0 > /proc/fs/nfsd/threads, the function nfs4_state_destroy_net in nfs4_state_shutdown_net will release all resources related to...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00233
Exploits: 0 | References: 1

OSV
Added 2024/11/05 6:15 p.m. | Views: 1

UBUNTU-CVE-2024-50106

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid. There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has expired and needs to be...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00213
Exploits: 0 | References: 8

Positive Technologies
Added 2024/11/05 12:0 a.m. | Views: 5

PT-2024-35665

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version. Description: A race condition exists in the Linux kernel's f2fs file system, specifically in the f2fs_stop_gc_thread function. This issue arises when concurrent calls are made to shut down the f2...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.00217
Exploits: 0

OSV
Added 2024/11/05 12:0 a.m. | Views: 21

ALSA-2024:8842 Moderate: python3.12-urllib3 security update

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...

CVSS: 6.5 | AI score: 6 | EPSS: 0.01141
Exploits: 1 | References: 4

BDU FSTEC
Added 2024/11/01 12:0 a.m. | Views: 4

Vulnerability of the Server: Thread Pooling component of the Oracle MySQL Server database management system. This allows attackers to cause service interruptions.

The vulnerability of the Server: Thread Pooling component of the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the network MySQL protocol...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00696
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
Added 2024/10/30 12:15 a.m. | Views: 2

kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

A vulnerability was found in the do_task_stat function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00213
Exploits: 0 | References: 5

Cvelist
Added 2024/10/29 8:10 a.m. | Views: 23

CVE-2024-50052 Arbitrary post deletion via Playbooks /ignore-thread endpoint

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post...

CVSS: 4.3 | EPSS: 0.0027
Exploits: 0 | References: 1

SUSE CVE
Added 2024/10/25 3:7 a.m. | Views: 2

SUSE CVE-2024-49864

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation. In rxrpc_open_socket, it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in...

CVSS: 4.7 | AI score: 7.1 | EPSS: 0.00173
Exploits: 0 | References: 16

SUSE CVE
Added 2024/10/25 3:7 a.m. | Views: 1

SUSE CVE-2024-49866

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ODEBUG: init active active state 0 object:...

CVSS: 4.1 | AI score: 6.3 | EPSS: 0.00172
Exploits: 0 | References: 18

Microsoft CVE
Added 2024/10/23 7:0 a.m. | Views: 3

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00876
Exploits: 0