CVE-2022-48912 netfilter: fix use-after-free in __nf_register_net_hook()

In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in nfregisternethook We must not dereference @newhooks after nfhookmutex has been released, because other threads might have freed our allocated hooks already. BUG: KASAN: use-after-free in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition issue in the reweightentity function that results in a null pointer dereference when the...

CVE-2023-52903 io_uring: lock overflowing for IOPOLL

In the Linux kernel, the following vulnerability has been resolved: iouring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at iouring/iouring.c:734 iocqringeventoverflow+0x1c0/0x230 iouring/iouring.c:734 CPU: 0 PID: 28 Comm:...

PT-2024-7574

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58 Description The issue is related to a use-after-free problem in the f2fs stop gc thread function, caused by a race condition that may lead to exploitation, potentially affecting the confidentiality,...

GO-2023-1995 Answer has Race Condition within a Thread in github.com/answerdev/answer

Answer has Race Condition within a Thread in github.com/answerdev/answer...

CVE-2024-43380

A flaw was found in fugit's parser. Due to a lack of user input validation, the natural parser may accept any length of input and will attempt to parse it. The parse can create a thread which will never return, causing high CPU usage, which may lead to a Denial of Service...

CVE-2024-43380

fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...

CVE-2024-43380

CVE-2024-43380 affects the fugit component used by the floraison group. The issue stems from the fugit "natural" parser, which converts phrases like “every Wednesday at 5pm” to a cron expression. It accepted inputs of any length and could continue parsing without returning, causing an uncontrolle...

CVE-2024-43820

In the Linux kernel, the following vulnerability has been resolved: dm-raid: Fix WARNONONCE check for syncthread in raidresume rm-raid devices will occasionally trigger the following warning when being resumed after a table load because DMRECOVERYRUNNING is set: WARNING: CPU: 7 PID: 5660 at...

PT-2024-30542 · Fugit +1 · Fugit +1

Name of the Vulnerable Software and Affected Versions: fugit versions prior to 1.11.1 Description: The fugit "natural" parser, which turns natural language into cron expressions, accepted any length of input and attempted to parse it without returning promptly. This could cause the parse call to...

fugit 安全漏洞

fugit is a floraison open source time tool for Ruby, rufus-scheduler and flor. A security vulnerability exists in versions of fugit prior to 1.11.1, which stems from improper user input length checking, and may result in a thread being occupied for an extended period of time without being able to...

fugit parse and parse_nat stall on lengthy input

Impact The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check user input leng...

SUSE CVE-2024-43820

In the Linux kernel, the following vulnerability has been resolved: dm-raid: Fix WARNONONCE check for syncthread in raidresume rm-raid devices will occasionally trigger the following warning when being resumed after a table load because DMRECOVERYRUNNING is set: WARNING: CPU: 7 PID: 5660 at...

DEBIAN-CVE-2024-43820

In the Linux kernel, the following vulnerability has been resolved: dm-raid: Fix WARNONONCE check for syncthread in raidresume rm-raid devices will occasionally trigger the following warning when being resumed after a table load because DMRECOVERYRUNNING is set: WARNING: CPU: 7 PID: 5660 at...

nilfs2: fix use-after-free of timer for log writer thread

...

kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

A vulnerability was found in the dotaskstat function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness...

kernel: sched/psi: Fix use-after-free in ep_remove_wait_queue()

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in epremovewaitqueue If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueue gets freed in the...

The vulnerability of the log_ctrl() function in the Linux operating system’s video driver allows a hacker to cause a service failure.

The vulnerability of the logctrl function in the drivers/media/v4l2-core/v4l2-ctrls-core.c file, a video driver for the Linux operating system, is related to mutual locking of execution threads. Exploiting this vulnerability could allow an attacker to cause a service failure...

qemu-kvm security update

7.2.0-13.el9 - vfio/migration: Enhance VFIO migration state tracing Avihai Horon - vfio/migration: Don't emit STOPCOPY VFIO migration QAPI event twice Avihai Horon - vfio/migration: Emit VFIO migration QAPI event Avihai Horon - qapi/vfio: Add VFIO migration QAPI event Avihai Horon -...

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2024:2790-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2790-1 advisory. Update to Mozilla Thunderbird 115.13 MFSA 2024-31, bsc1226316: Security fixes: - CVE-2024-6600:...