251 matches found
CVE-2022-48848
CVE-2022-48848 affects the Linux kernel tracing/osnoise workflow. Concrete detail: the issue is caused by unregistering tracepoints twice when stopping tracing (osnoise_workload_stop) and switching tracer to nop, leading to a kernel warning about unregistering an unregistered tracepoint. The conn...
CVE-2022-48848 tracing/osnoise: Do not unregister events twice
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Do not unregister events twice Nicolas reported that using: trace-cmd record -e all -M 10 -p osnoise --poll Resulted in the following kernel warning: ------------ cut here ------------ WARNING: CPU: 0 PID: 1217 a...
CVE-2024-38662 bpf: Allow delete from sockmap/sockhash only if update is allowed
In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a mapdelete on a...
SUSE CVE-2021-47262
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...
CVE-2021-47262
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...
CVE-2021-47262
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...
DEBIAN-CVE-2021-47262
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...
UBUNTU-CVE-2021-47262
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...
CVE-2021-47262 KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...
CVE-2021-47262
CVE-2021-47262 concerns the Linux kernel KVM subsystem. The issue arises in the x86 KVM tracepoint handling for nested VM-Enter failures, where string literals used by the “nested VM-Enter failed” tracepoint could outlive memory they reference if the tracepoint is emitted from modules (e.g., kvm-...
CVE-2021-47262 KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...
CVE-2021-47262
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...
SUSE CVE-2024-27070
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fsfilemapfault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fsfilemapfault+0xd1/0x2c0 fs/f2fs/file.c:49 Read of size 8 at addr ffff88807bb22680 by task...
UBUNTU-CVE-2024-27070
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fsfilemapfault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fsfilemapfault+0xd1/0x2c0 fs/f2fs/file.c:49 Read of size 8 at addr ffff88807bb22680 by task...
CVE-2024-27070
Summary (CVE-2024-27070): The Linux kernel f2fs subsystem is affected by a use-after-free in f2fs_filemap_fault. The root cause is that vmf->vma may be not alive after filemap_fault(), causing an invalid access to vmf->vma->vm_flags in trace_f2fs_filemap_fault. The fix is to keep vm_flag...
CVE-2021-47128 bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a "security,lockdown,selinux: implement SELinux lockdown" added an implementation of the lockeddown LSM hook to SELinux, with the aim to restric...
PT-2024-3374 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0 Description: The issue is related to a use-after-free problem in the f2fs filemap fault function. This occurs because vmf-vma may not be alive after filemap fault, potentially causing a use-after-free issu...
SUSE CVE-2016-2317
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service crash via a crafted SVG file, related to the 1 TracePoint function in magick/render.c, 2 GetToken function in magick/utility.c, and 3 GetTransformTokens function in coders/svg.c...
SUSE CVE-2017-13758
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint function in MagickCore/draw.c...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...