AZL-50703 CVE-2024-47728 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARGPTRTOLONG,INT args in case of error For all non-tracing helpers which formerly had ARGPTRTOLONG,INT as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, i...

DEBIAN-CVE-2024-47717

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data With the latest Linux-6.11-rc3, the below NULL pointer crash is observed when SBI PMU snapshot is enabled for the guest and the guest is forcefully powered-off...

UBUNTU-CVE-2024-47717

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data With the latest Linux-6.11-rc3, the below NULL pointer crash is observed when SBI PMU snapshot is enabled for the guest and the guest is forcefully powered-off...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the MMU notifier not being called correctly in the mm/khugepaged subsystem, which could result in a secondar...

kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

This is a vulnerability in the Linux kernel's Data Movement Accelerator DMA engine, specifically affecting the Intel Data Streaming Accelerator IDXD driver. The issue arises during the removal rmmod of the idxd driver on systems with only one active CPU. In such scenarios, the driver's cleanup...

CVE-2024-47943

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

CVE-2024-47943 Improper signature verification of firmware upgrade files

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

CVE-2024-47943 Improper signature verification of firmware upgrade files

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

CVE-2024-47943

CVE-2024-47943 affects the Rittal IoT Interface & CMC III Processing Unit. The firmware upgrade feature does not properly verify patch signatures: the signing uses an HMAC-like mechanism with a hard-coded key, which is publicly available, allowing attackers to craft malicious signed .patch files ...

Rittal IoT Interface & CMC III Processing Unit 安全漏洞

The Rittal IoT Interface & CMC III Processing Unit is a key component of Rittal Germany's Smart Networking of Sensors for monitoring physical environmental conditions. A security vulnerability exists in Rittal IoT Interface & CMC III Processing Unit versions prior to 6.21.00.2, which stems from a...

Rittal IoT Interface & CMC III Processing Unit 安全漏洞

The Rittal IoT Interface & CMC III Processing Unit is a key component of Rittal Germany's Smart Networking of Sensors for monitoring physical environmental conditions. A security vulnerability exists in the Rittal IoT Interface & CMC III Processing Unit prior to version 6.21.00.2, which originate...

PT-2024-32905 · Rittal · Iot Interface & Cmc Iii Processing Unit

Name of the Vulnerable Software and Affected Versions: Rittal IoT Interface & CMC III Processing Unit affected versions not specified Description: The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are...

CVE-2024-44982

...

CVE-2024-46822

...

DEBIAN-CVE-2024-47662

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection Why These registers should not be read from driver and triggering the security violation when DMCUB work times out and diagnostics are collected blocks Z8...

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview tha...

Apache Commons IO 资源管理错误漏洞

Apache Commons IO is an application of the Apache USA Foundation. It provides a help to develop IO functionality. A resource management error vulnerability exists in Apache Commons IO version 2.0 up to and including 2.14.0, which stems from uncontrolled CPU resource consumption...

kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity

A flaw was found in the way AMD IOMMU handles certain special address ranges with invalid device table entries DTEs, which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity...

USN-7022-2 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Modular ISDN driver; - MMC subsystem; - SCSI drivers; - F2FS file system; - GFS2 file system; -...

The vulnerability of the iommu/arm-smmu component in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the iommu/arm-smmu component in the Linux operating system is related to the lack of registration cancellation when the process terminates. Exploiting this vulnerability can allow an attacker to cause a service failure...