kernel: nfsd: clean up potential nfsd_file refcount leaks in COPY codepath

A reference leak flaw was found in the Linux kernel's NFS server implementation in the file copy operation handling. A local user can trigger this issue when asynchronous copy operations fail to create worker threads, causing nfsdfile references held by the embedded copy structure to leak. This...

kernel: md/raid1: stop mdx_raid1 thread when raid1 array run failed

In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdxraid1 thread when raid1 array run failed fail run raid1 array when we assemble array with the inactive disk only, but the mdxraid1 thread were not stop, Even if the associated resources have been released. it wi...

kernel: mm/slub: add missing TID updates on slab deactivation

In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slaballocnode assumes that c-slab is stable as long as the TID stays the same. However, two places in slaballoc currently don't update the TID when deactivatin...

PT-2025-25916 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A double free vulnerability in the Linux kernel on s390 architecture occurs when the fork system call fails after the initial task duplication and before the copy thread function is...

PT-2023-32943 · Audited · Audited

Name of the Vulnerable Software and Affected Versions: Audited versions 4.0.0 through 5.3.3 Description: A race condition exists in Audited that can result in an authenticated user causing audit log entries to be attributed to another user. This issue is related to Audited's use of Thread.current...

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations...

OESA-2023-1267 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in ndlcremove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.CVE-2023-1990 The Linux kernel before 6.2.9 has a race...

SUSE-SU-2023:0868-2 Security update for python3

This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to...

SUSE CVE-2023-31081

An issue was discovered in drivers/media/test-drivers/vidtv/vidtvbridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtvmuxstopthread. In vidtvstopstreaming, after dvb-mux=NULL occurs, it executes vidtvmuxstopthreaddvb-mux...

CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ibprctlset function updates the Thread Information Flags TIFs for the task and updates the SPECCTRL MSR on the function speculationctrlupdate, but the IBPB is only issued on the next...

PT-2023-2681 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel version 6.2 Description: An issue was discovered in the Linux kernel, specifically in the drivers/media/test-drivers/vidtv/vidtv bridge.c file. The problem is related to a NULL pointer dereference in the vidtv mux stop thread...

Linux kernel 代码问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in Linux kernel version 6.2, which originates from a NULL pointer dereference in vidtvmuxstopthread in...

DEBIAN-CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

Cross site scripting

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

CVE-2023-1998 Spectre v2 SMT mitigations problem in Linux kernel

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

New Zero-Click Exploits against iOS

Citizen Lab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Groups Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched. One interesting bit is that Apples Lockdown Mode part of iOS 16...

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit

Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as...

SUSE CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

Missing Linux Kernel mitigations for 'Cross-Thread Return Address Predictions' hardware vulnerability (AMD-SB-1045)

The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spai...