3365 matches found

Hacker One
added 2024/10/24 5:16 a.m., 4 views

AWS VDP: Session Timeout Does Not Enforce Re-Authentication on AWS Access Portal

NOTE! Thanks for submitting a report to Amazon Web Services! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: AWS SSO...

AI score: 6.9
Exploits: 0

Positive Technologies
added 2024/10/23 12:0 a.m., 4 views

PT-2024-8528

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.61 Description The issue is related to a use-after-free vulnerability in the sco sock timeout function in the Linux kernel's Bluetooth implementation. This vulnerability may allow an attacker to impact the...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.0023
Exploits: 0

Veeam
added 2024/10/23 12:0 a.m., 18 views

After Upgrade Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Appliance Is Listed as Unavailable

Challenge After the upgrade of Veeam Backup & Replication to version 12.2 and subsequent upgrade of Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization to version 5, the Appliance is listed as Unavailable in the Veeam Backup & Replication Console. When this occurs,...

AI score: 6.9
Exploits: 0 | Affected Software: 2

CVE
added 2024/10/22 3:47 p.m., 46 views

CVE-2024-48926

CVE-2024-48926 affects Umbraco CMS. The issue is an insufficient session expiration in the Backoffice where the logout page shows a timeout message ~30 seconds before the server session expires. Affected versions: 13.x prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. Patches are p...

CVSS: 4.2 | AI score: 4.3 | EPSS: 0.00245
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2024/10/22 11:8 a.m., 16 views

CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00228
Exploits: 0 | References: 4

OSV
added 2024/10/21 8:15 p.m., 1 views

DEBIAN-CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00228
Exploits: 0 | References: 1

Cvelist
added 2024/10/21 7:39 p.m., 16 views

CVE-2024-50030 drm/xe/ct: prevent UAF in send_recv()

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

EPSS: 0.00228
Exploits: 0 | References: 2

OSV
added 2024/10/21 6:15 p.m., 3 views

AZL-52317 CVE-2024-49963 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: mailbox: bcm2835: Fix timeout during suspend mode During noirq suspend phase the Raspberry Pi power driver suffers from firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled and...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00257
Exploits: 0 | References: 1

OSV
added 2024/10/21 6:15 p.m., 1 views

DEBIAN-CVE-2024-49963

In the Linux kernel, the following vulnerability has been resolved: mailbox: bcm2835: Fix timeout during suspend mode During noirq suspend phase the Raspberry Pi power driver suffers from firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled and...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00257
Exploits: 0 | References: 1

CVE
added 2024/10/21 6:2 p.m., 134 views

CVE-2024-49963

CVE-2024-49963: Linux kernel BCM2835 mailbox timeout during suspend fixed. Root cause: during noirq suspend, the BCM2835 mailbox IRQ is disabled, causing rpi_firmware_property_list() to time out due to firmware transaction timeouts. Patch fixes the issue by setting the mailbox IRQ to IRQF_NO_SUSPE...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00257
Exploits: 0 | References: 11 | Affected Software: 1

OSV
added 2024/10/21 6:2 p.m., 6 views

CVE-2024-49963 mailbox: bcm2835: Fix timeout during suspend mode

In the Linux kernel, the following vulnerability has been resolved: mailbox: bcm2835: Fix timeout during suspend mode During noirq suspend phase the Raspberry Pi power driver suffers from firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled and...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00257
Exploits: 0 | References: 14

RedhatCVE
added 2024/10/21 4:9 p.m., 17 views

CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVSS: 6.4 | AI score: 7 | EPSS: 0.00201
Exploits: 0 | References: 4

SUSE CVE
added 2024/10/21 3:45 p.m., 7 views

SUSE CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVSS: 7 | AI score: 6.3 | EPSS: 0.00201
Exploits: 0 | References: 31

OSV
added 2024/10/21 1:15 p.m., 4 views

AZL-50640 CVE-2024-49855 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVSS: 7 | AI score: 6.6 | EPSS: 0.00201
Exploits: 0 | References: 1

NVD
added 2024/10/21 1:15 p.m., 10 views

CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVSS: 7 | EPSS: 0.00201
Exploits: 0 | References: 6

OSV
added 2024/10/21 1:15 p.m., 1 views

DEBIAN-CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVSS: 7 | AI score: 6 | EPSS: 0.00201
Exploits: 0 | References: 1

OSV
added 2024/10/21 1:15 p.m., 0 views

UBUNTU-CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVSS: 7 | AI score: 6.3 | EPSS: 0.00201
Exploits: 0 | References: 23

Vulnrichment
added 2024/10/21 12:18 p.m., 13 views

CVE-2024-49855 nbd: fix race between timeout and normal completion

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

AI score: 7.1 | EPSS: 0.00201
Exploits: 0 | References: 5

OSV
added 2024/10/21 12:18 p.m., 5 views

CVE-2024-49855 nbd: fix race between timeout and normal completion

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVSS: 7 | AI score: 6.1 | EPSS: 0.00201
Exploits: 0 | References: 9

CNNVD
added 2024/10/21 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a disabled IRQ in the BCM2835 mailbox during the noirq hang phase of the Raspberry Pi, causing the...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00257
Exploits: 0 | References: 9