PT-2024-40810 · Git +1 · Libavc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow issue is reported, which can cause a crash. The crash occurs in the ih264d format convert and ih264d decode picture thread...

DEBIAN-CVE-2024-40969

In the Linux kernel, the following vulnerability has been resolved: f2fs: don't set RO when shutting down f2fs Shutdown does not check the error of thawsuper due to readonly, which causes a deadlock like below. f2fsiocshutdownF2FSGOINGDOWNFULLSYNC issuediscardthread - bdevfreeze - freezesuper -...

CVE-2024-39508

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: Use setbit and testbit at worker-flags Utilize setbit and testbit on worker-flags within iouring/io-wq to address potential data races. The structure ioworker-flags may be accessed through various data paths, leadi...

CVE-2024-39500

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

UBUNTU-CVE-2024-40969

In the Linux kernel, the following vulnerability has been resolved: f2fs: don't set RO when shutting down f2fs Shutdown does not check the error of thawsuper due to readonly, which causes a deadlock like below. f2fsiocshutdownF2FSGOINGDOWNFULLSYNC issuediscardthread - bdevfreeze - freezesuper -...

CVE-2024-40956

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irqprocessworklist Use listforeachentrysafe to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxddesccomplete and...

CVE-2024-39510 cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefilesondemanddaemonread We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...

CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

CVE-2024-39501

...

CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

CVE-2024-39501

...

CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

[SECURITY] Fedora 39 Update: python-urllib3-1.26.19-1.fc39

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =E2=80=A2 Thread safety. =E2=80=A2 Connection pooling. =E2=80=A2 Client-side SSL/TLS verification. =E2=80=A2 File uploads with multipart encoding...

SUSE: Security Advisory (SUSE-SU-2024:2399-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla: Memory corruption in thread creation

The Mozilla Foundation Security Advisory describes this flaw as: In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

Mozilla: Memory corruption in thread creation

The Mozilla Foundation Security Advisory describes this flaw as: In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption...

Mozilla: Memory corruption in thread creation

The Mozilla Foundation Security Advisory describes this flaw as: In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption...

Mozilla: Memory corruption in thread creation

The Mozilla Foundation Security Advisory describes this flaw as: In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption...

SUSE-SU-2024:2399-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.13.0 ESR MFSA 2024-30, bsc1226316: - CVE-2024-6600: Memory corruption in WebGL API - CVE-2024-6601: Race condition in permission assignment - CVE-2024-6602: Memory corruption in NSS -...