SUSE CVE-2024-47691

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fsstopgcthread syzbot reports a f2fs bug as below: dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 printreport+0xe8/0x550 mm/kasan/report.c:491...

CVE-2024-47679

In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between eviceinodes and findinode Hi, all Recently I noticed a bug1 in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a inode ie ino 261 with icount 1 is called by iput, and there's...

AZL-50882 CVE-2024-47691 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fsstopgcthread syzbot reports a f2fs bug as below: dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 printreport+0xe8/0x550 mm/kasan/report.c:491...

DEBIAN-CVE-2024-47691

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fsstopgcthread syzbot reports a f2fs bug as below: dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 printreport+0xe8/0x550 mm/kasan/report.c:491...

UBUNTU-CVE-2024-47691

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fsstopgcthread syzbot reports a f2fs bug as below: dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 printreport+0xe8/0x550 mm/kasan/report.c:491...

CVE-2024-47691

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fsstopgcthread syzbot reports a f2fs bug as below: dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 printreport+0xe8/0x550 mm/kasan/report.c:491...

CVE-2024-47679 vfs: fix race between evice_inodes() and find_inode()&iput()

In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between eviceinodes and findinode&iput Hi, all Recently I noticed a bug1 in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a inode ie ino 261 with icount 1 is called by iput, and...

CVE-2024-47679 vfs: fix race between evice_inodes() and find_inode()&iput()

In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between eviceinodes and findinode&iput Hi, all Recently I noticed a bug1 in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a inode ie ino 261 with icount 1 is called by iput, and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from stopping cleaner kthread during uninstallation without waiting for the fixup job to complete, which could lead t...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition between socket setup and I/O thread creation in the rxrpcopensocket function, which could...

tracing/timerlat: Only clear timer if a kthread exists

...

AZL-50349 CVE-2024-21238 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols...

AZL-50453 CVE-2024-21238 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols...

UBUNTU-CVE-2024-21238

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols...

SUSE CVE-2024-8184

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote which can be exploited by unauthorized users to cause remote denial-of-service DoS attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory...

PT-2024-33978

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the net/mlx5e module. The issue occurs when profile rollback fails in mlx5e netdev change profile, causing the...

CVE-2024-8602

When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE XML External Entity attack. Further information on this can be found on the website of the Open Worldwide Application Security Project OWASP. An attacker...

CVE-2024-8602

CVE-2024-8602 concerns XXE in XML parsing from PDFs via the default DocumentBuilder settings in taxstatement.jar. Connected data confirms affected software: taxstatement.jar versions 2.2.2 and 2.2.4. Root cause: DocumentBuilder configured to allow external entities, enabling an XML external entit...

memcg: protect concurrent access to mem_cgroup_idr

...

GHSA-7QMX-3FPX-R45M Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations

Impact Under certain concurrent event orderings, a wasmtime::Engine's internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption could, following an additional and particular...