149 matches found
CVE-2024-38618
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
CVE-2024-38618
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
DEBIAN-CVE-2024-38618
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
UBUNTU-CVE-2024-38618
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
CVE-2024-38618
CVE-2024-38618 affects the Linux kernel: ALSA timer start tick time had no lower bound, enabling very small values (e.g., 1 tick at 1ns) that could trigger an unexpected RCU stall by repeatedly queuing expire updates. The connected docs describe the fix as a patch adding a sanity check for the ti...
CVE-2024-38618 ALSA: timer: Set lower bound of start tick time
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
CVE-2024-38618
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
SUSE CVE-2021-47318
In the Linux kernel, the following vulnerability has been resolved: archtopology: Avoid use-after-free for scalefreqdata Currently topologyscalefreqtick which gets called from schedulertick may end up using a pointer to "struct scalefreqdata", which was previously cleared by...
CVE-2021-47318
In the Linux kernel, the following vulnerability has been resolved: archtopology: Avoid use-after-free for scalefreqdata Currently topologyscalefreqtick which gets called from schedulertick may end up using a pointer to "struct scalefreqdata", which was previously cleared by...
DEBIAN-CVE-2021-47318
In the Linux kernel, the following vulnerability has been resolved: archtopology: Avoid use-after-free for scalefreqdata Currently topologyscalefreqtick which gets called from schedulertick may end up using a pointer to "struct scalefreqdata", which was previously cleared by...
CVE-2021-47318
In the Linux kernel, the following vulnerability has been resolved: archtopology: Avoid use-after-free for scalefreqdata Currently topologyscalefreqtick which gets called from schedulertick may end up using a pointer to "struct scalefreqdata", which was previously cleared by...
kernel: rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed
In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to rcuirqenterchecktick being kprobe-ed Registering a kprobe on rcuirqenterchecktick can cause kernel stack overflow as shown below. This issue can be reproduced by enabling CONFIGNOHZFULL and bootin...
Unbreakable Enterprise kernel security update
4.14.35-2047.535.2.1 - netfilter: nftables: reject QUEUE/DROP verdict parameters Florian Westphal Orabug: 36467681 CVE-2024-1086 4.14.35-2047.535.2 - Fix null ptr in rdstcprecvpath Allison Henderson Orabug: 33499812 - LTS version: v4.14.338 Saeed Mirzamohammadi - crypto: scompress - initialize...
Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.AutoSpy.10 Vulnerability: Unauthenticated Remote Command Execution...
kernel: tick/nohz: unexport __init-annotated tick_nohz_full_setup()
In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport init-annotated ticknohzfullsetup EXPORTSYMBOL and init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated init. The access to ...
kernel: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQLEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in the periodic tick code...
CVE-2022-26943
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited...
PT-2023-12895 · Motorola · Motorola Mtm5000
Name of the Vulnerable Software and Affected Versions: Motorola MTM5000 series firmwares affected versions not specified Description: The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG that relies on a tick count register as its sole entropy source. This...
Motorola MTM5000 Security Feature Issue Vulnerability
The Motorola MTM5000 is a mobile radio from Motorola, USA. The Motorola MTM5000 suffers from a security vulnerability that stems from the use of PRNG to generate TETRA authentication polls and the use of the tick count register as its only source of entropy, which can be exploited by an attacker ...
Unbounded tick arrays; add max length check to prevent gas issues.
Lines of code Vulnerability details Impact Tick arrays like tickTracking can grow unbounded. Could hit gas limit. As ticks are crossed, new TickTracking elements are pushed: function crossTicks bytes32 poolIdx, int24 exitTick, int24 entryTick internal tickTrackingpoolIdxexitTick.push...