1535 matches found
CVE-2024-53098
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...
UBUNTU-CVE-2024-53098
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...
CVE-2024-53098 drm/xe/ufence: Prefetch ufence addr to catch bogus address
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...
CVE-2024-53098 drm/xe/ufence: Prefetch ufence addr to catch bogus address
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...
CVE-2024-53098
CVE-2024-53098 affects the Linux kernel DRM XE ufence path. The root cause is that access_ok() only checks for addr overflow and may also read the user-supplied address to catch invalid addresses, coupled with prefetching ufence addresses to detect bogus ones. The issue is remedied by a kernel fi...
CVE-2024-50192
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the...
CVE-2024-11263 arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y
When the Global Pointer GP relative addressing is enabled CONFIGRISCVGP=y, the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols...
CVE-2024-11263
CVE-2024-11263 concerns RISCV GP relative addressing when CONFIG_RISCV_GP=y. The gp register is reported to point 0x800 bytes past the start of the .sdata section, which the linker uses to relax accesses to global symbols. Across the connected documents, the issue is described with this root caus...
CVE-2024-11263 arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y
When the Global Pointer GP relative addressing is enabled CONFIGRISCVGP=y, the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols...
kernel: i2c: dev: copy userspace array safely
REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: i2c: dev: copy userspace array safely i2c-dev.c utilizes memdupuser to copy a userspace array. This is done without an overflow check. Use the new wrapper memduparrayuser to copy the array more safely...
kernel: vfio/pci: Disable auto-enable of exclusive INTx IRQ
An incorrect handling flaw was found in the Linux kernel framework for secure userspace device drivers functionality that may interrupt some of the devices. This issue could allow a local user to crash the system...
kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu- results in a BUG when the config CONFIGHARDENEDUSERCOPY is enabled as shown below. kernel...
CVE-2024-50192 irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the...
kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and the garbage collection of the list:set type. The...
PT-2024-35642
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises from the improper use of userspace irqchip in use in the Linux kernel, specifically in the KVM arm64 component. This leads to a WARN ON in kvm timer update irq. The...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btftypeidsize CVE-2023-54247 In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to memcgroupidr CVE-2024-43892 In the Linux kernel, the...
SUSE CVE-2024-50080
In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLKFUSERCOPY requires userspace to call write on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivilege...
SUSE CVE-2024-49975
In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "uprobes" vma xoladdvma maps the uninitialized page allocated by createxolarea into userspace. On some architectures x86 this memory is readable even without VMREAD, VMEXEC results in the same...
SUSE CVE-2022-48987
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that...
SUSE-SU-2024:3744-1 Security update for qemu
This update for qemu fixes the following issues: Security fixes: - CVE-2024-8354: Fixed assertion failure in usbepget bsc1230834 - CVE-2024-8612: Fixed information leak in virtio devices bsc1230915 Update version to 8.2.7: Security fixes: - CVE-2024-7409: Fixed denial of service via improper...