kernel: dm thin: Fix UAF in run_timer_softirq()

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

kernel: rxrpc: fix a race in rxrpc_exit_net()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix a race in rxrpcexitnet Current code can lead to the following race: CPU0 CPU1 rxrpcexitnet rxrpcpeerkeepaliveworker if rxnet-live rxnet-live = false; deltimersync&rxnet-peerkeepalivetimer;...

CLSA-2023-1683146027 kernel: Fix of 23 CVEs

media: rc: Fix use-after-free bugs caused by enetxirqsim CVE-2023-1118 - net: mpls: fix stale pointer if allocation fails during device rename CVE-2023-26545 - net/ulp: prevent ULP without clone op from entering the LISTEN status CVE-2023-0461 - Bluetooth: L2CAP: Fix u8 overflow CVE-2022-45934 -...

CLSA-2023-1682711913 kernel: Fix of 7 CVEs

mISDN: fix use-after-free bugs in l1oip timer handlers CVE-2022-3565 - media: rc: Fix use-after-free bugs caused by enetxirqsim CVE-2023-1118 - Bluetooth: btsdio: fix use after free bug in btsdioremove due to unfinished work CVE-2023-1989 - proc: procskipspaces shouldn't think it is working on C...

CLSA-2023-1682711481 kernel: Fix of 7 CVEs

mISDN: fix use-after-free bugs in l1oip timer handlers CVE-2022-3565 - media: rc: Fix use-after-free bugs caused by enetxirqsim CVE-2023-1118 - Bluetooth: btsdio: fix use after free bug in btsdioremove due to unfinished work CVE-2023-1989 - proc: procskipspaces shouldn't think it is working on C...

PT-2023-4320

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free vulnerability was found in the cxgb4 driver. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower stats timer from the work queue...

Read The Manual Locker: A Private RaaS Provider

Read The Manual Locker: A Private RaaS Provider By Trellix · April 13, 2023 This blog was written by Max Kersten The underground intelligence was obtained byN074B07. Another day, another ransomware-as-a-service RaaS provider, or so it seems. We’ve observed the “Read The Manual” RTM Locker gang,...

CBL Mariner 2.0 Security Update: kernel (CVE-2022-2318)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2318 advisory. - There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow...

PT-2025-18831

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description A vulnerability has been resolved in the Linux kernel. The issue is related to the LoongArch architecture and occurs when the get timer irq function is called multiple times in the...

K13114: Apache Range header vulnerability - CVE-2011-3192

Security Advisory Description The byte-range filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial-of-service memory and CPU consumption using aRange header that expresses multiple overlapping ranges. When this vulnerabili...

ALSA-2023:0854 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: mm/mremap.c use-after-free vulnerability CVE-2022-41222 kernel: nfsd buffer overflow by RPC message over TCP with garbage data...

SUSE CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers PAWS with the timestamps option enabled allow remote attackers to cause a denial of service connection loss via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...

SUSE CVE-2005-3274

Race condition in ipvsconnflush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service null dereference by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is...

SUSE CVE-2005-3805

A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service deadlock involving process CPU timers...

SUSE CVE-2006-5749

The isdnpppccpresetallocstate function in drivers/isdn/isdnppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the inittimer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash...

SUSE CVE-2008-0591

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...

SUSE CVE-2010-1402

Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to an event listener in an SVG document,...

SUSE CVE-2011-4622

The createpittimer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer PIT interrupt requests IRQs when a virtual interrupt controller irqchip is not available, which allows local users to cause a denial of service NUL...

SUSE CVE-2013-4129

The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service BUG and system crash via vectors involving the shutdown of a KVM virtual...

SUSE CVE-2013-4527

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers...