Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsethash: Unaligned atomic read on struct nftsetext Access to the genmask field in struct nftsetext results in an unaligned atomic read: 72.130109 Unable to handle kernel paging requests at virtual address...

kernel: block: refine the EOF check in blkdev_iomap_begin

In the Linux kernel, the following vulnerability has been resolved: block: refine the EOF check in blkdeviomapbegin blkdeviomapbegin rounds down the offset to the logical block size before stashing it in iomap-offset and checking that it still is inside the inode size. Check the isize check to th...

SUSE CVE-2024-50111

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

DEBIAN-CVE-2024-50111

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

AZL-52535 CVE-2024-50111 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

AZL-52486 CVE-2024-50111 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

UBUNTU-CVE-2024-50111

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

CVE-2024-50111

CVE-2024-50111 affects LoongArch Linux kernel where unaligned access can trigger in irq-enabled context; do_ale() may call get_user(), causing sleep and BUG: sleeping function called from invalid context. The fix described in the unpatched Nessus entry is to enable IRQ handling for unaligned acce...

CVE-2024-50111 LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

CVE-2024-50111 LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

CVE-2024-50111 LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if doale triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case doale may call getuser which may cause sleep. Then we will get: BU...

SmartDNS 输入验证错误漏洞

SmartDNS is a DNS server running locally by Nick Peng Personal Developer. A security vulnerability exists in SmartDNS Release 46, which stems from an integer overflow in fastping.c, allowing remote attackers to cause a denial of service via unaligned memory access...

PT-2024-33944

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: The issue is related to the Linux kernel, specifically the LoongArch architecture, where an unaligned access exception can be triggered in an irq-enabled context, such as user mode. This can...

SUSE CVE-2024-46853

In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd...

AZL-49945 CVE-2024-46853 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd...

UBUNTU-CVE-2024-46853

In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd...

The vulnerability of the `load_unaligned_zeropad` function in the arm64 kernel of the Linux operating system, which allows a hacker to trigger a service failure

The vulnerability of the loadunalignedzeropad function in the arm64 architecture of the Linux operating system’s kernel is related to the improper extraction of the data and addr registers. Exploiting this vulnerability can allow an attacker to cause a service failure...

SUSE CVE-2024-43868

In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscvkernelentry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42247)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42247 advisory. - In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned...

CVE-2024-43868

In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscvkernelentry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the...