Lucene search
K

1535 matches found

NVD
NVD
added 2024/11/25 10:15 p.m.17 views

CVE-2024-53098

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...

7.8CVSS0.00214EPSS
Exploits0References2
OSV
OSV
added 2024/11/25 10:15 p.m.2 views

UBUNTU-CVE-2024-53098

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...

7.8CVSS5.7AI score0.00214EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/11/25 9:21 p.m.20 views

CVE-2024-53098 drm/xe/ufence: Prefetch ufence addr to catch bogus address

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...

0.00214EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/25 9:21 p.m.2 views

CVE-2024-53098 drm/xe/ufence: Prefetch ufence addr to catch bogus address

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...

7.8AI score0.00214EPSS
Exploits0References2
CVE
CVE
added 2024/11/25 9:21 p.m.113 views

CVE-2024-53098

CVE-2024-53098 affects the Linux kernel DRM XE ufence path. The root cause is that access_ok() only checks for addr overflow and may also read the user-supplied address to catch invalid addresses, coupled with prefetching ufence addresses to detect bogus ones. The issue is remedied by a kernel fi...

7.8CVSS6.7AI score0.00214EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2024/11/21 7:13 p.m.24 views

CVE-2024-50192

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the...

5.5CVSS6.7AI score0.00205EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/15 10:53 p.m.12 views

CVE-2024-11263 arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y

When the Global Pointer GP relative addressing is enabled CONFIGRISCVGP=y, the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols...

9.3CVSS7.1AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 2024/11/15 10:53 p.m.70 views

CVE-2024-11263

CVE-2024-11263 concerns RISCV GP relative addressing when CONFIG_RISCV_GP=y. The gp register is reported to point 0x800 bytes past the start of the .sdata section, which the linker uses to relax accesses to global symbols. Across the connected documents, the issue is described with this root caus...

9.3CVSS9.3AI score0.00164EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/11/15 10:53 p.m.27 views

CVE-2024-11263 arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y

When the Global Pointer GP relative addressing is enabled CONFIGRISCVGP=y, the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols...

9.3CVSS0.00164EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.2 views

kernel: i2c: dev: copy userspace array safely

REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: i2c: dev: copy userspace array safely i2c-dev.c utilizes memdupuser to copy a userspace array. This is done without an overflow check. Use the new wrapper memduparrayuser to copy the array more safely...

6.9AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.3 views

kernel: vfio/pci: Disable auto-enable of exclusive INTx IRQ

An incorrect handling flaw was found in the Linux kernel framework for secure userspace device drivers functionality that may interrupt some of the devices. This issue could allow a local user to crash the system...

5.5CVSS7.2AI score0.0024EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.3 views

kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu- results in a BUG when the config CONFIGHARDENEDUSERCOPY is enabled as shown below. kernel...

5.5CVSS6.6AI score0.00225EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/08 5:54 a.m.30 views

CVE-2024-50192 irqchip/gic-v4: Don't allow a VMOVP on a dying VPE

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the...

0.00205EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/11/05 1:22 a.m.3 views

kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and the garbage collection of the list:set type. The...

7CVSS6.8AI score0.00204EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/31 12:0 a.m.6 views

PT-2024-35642

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises from the improper use of userspace irqchip in use in the Linux kernel, specifically in the KVM arm64 component. This leads to a WARN ON in kvm timer update irq. The...

5.5CVSS5.5AI score0.00213EPSS
Exploits0
Amazon
Amazon
added 2024/10/31 12:0 a.m.12 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btftypeidsize CVE-2023-54247 In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to memcgroupidr CVE-2024-43892 In the Linux kernel, the...

7.8CVSS6.5AI score0.00299EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2024/10/29 4:15 a.m.2 views

SUSE CVE-2024-50080

In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLKFUSERCOPY requires userspace to call write on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivilege...

5.5CVSS7.7AI score0.00206EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2024/10/24 3:18 a.m.2 views

SUSE CVE-2024-49975

In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "uprobes" vma xoladdvma maps the uninitialized page allocated by createxolarea into userspace. On some architectures x86 this memory is readable even without VMREAD, VMEXEC results in the same...

5.5CVSS6.2AI score0.00249EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2024/10/22 2:22 p.m.3 views

SUSE CVE-2022-48987

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that...

3.3CVSS6.5AI score0.00248EPSS
Exploits0References8
OSV
OSV
added 2024/10/22 1:34 p.m.17 views

SUSE-SU-2024:3744-1 Security update for qemu

This update for qemu fixes the following issues: Security fixes: - CVE-2024-8354: Fixed assertion failure in usbepget bsc1230834 - CVE-2024-8612: Fixed information leak in virtio devices bsc1230915 Update version to 8.2.7: Security fixes: - CVE-2024-7409: Fixed denial of service via improper...

7.5CVSS6AI score0.01027EPSS
Exploits0References12
Rows per page
Query Builder