1270 matches found

SUSE CVE
added 2024/09/19 3:10 a.m. · 1 views

SUSE CVE-2024-46775

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate function returns [WHAT & HOW] Function return values must be checked before data can be used in subsequent functions. This fixes 4 CHECKED_RETURN issues reported by Coverity...

5.5 CVSS · 7.4 AI score · 0.00193 EPSS
Exploits 0 · References 16
OSV
added 2024/09/18 8:15 a.m. · 0 views

UBUNTU-CVE-2024-46775

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate function returns [WHAT & HOW] Function return values must be checked before data can be used in subsequent functions. This fixes 4 CHECKED_RETURN issues reported by Coverity...

5.5 CVSS · 6.5 AI score · 0.00193 EPSS
Exploits 0 · References 10
Debian CVE
added 2024/09/18 7:12 a.m. · 12 views

CVE-2024-46775

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate function returns [WHAT & HOW] Function return values must be checked before data can be used in subsequent functions. This fixes 4 CHECKED_RETURN issues reported by Coverity...

5.5 CVSS · 5.3 AI score · 0.00193 EPSS
Exploits 0
Vulnrichment
added 2024/09/09 2:54 p.m. · 17 views

CVE-2024-45041 External Secrets Operator vulnerable to privilege escalation

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It...

8.3 CVSS · 6.7 AI score · 0.00591 EPSS
Exploits 0 · References 2
Debian CVE
added 2024/09/04 7:54 p.m. · 13 views

CVE-2024-44983

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG:...

7.1 CVSS · 6.1 AI score · 0.00251 EPSS
Exploits 0
Vulnrichment
added 2024/09/04 7:54 p.m. · 18 views

CVE-2024-44977 drm/amdgpu: Validate TA binary size

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442...

7.2 AI score · 0.00253 EPSS
Exploits 0 · References 4
OSV
added 2024/09/04 2:15 p.m. · 2 views

CVE-2024-8408

A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The...

9.8 CVSS · 6.5 AI score · 0.00751 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/09/04 12:0 a.m. · 3 views

PT-2024-38990 · Linksys · Linksys Wrt54G

Name of the Vulnerable Software and Affected Versions: Linksys WRT54G version 4.21.5 Description: A critical issue affects the function validate services port of the file /apply.cgi in the component POST Parameter Handler. The manipulation of the argument services array leads to a stack-based...

9.8 CVSS · 7.1 AI score · 0.00751 EPSS
Exploits 1 · References 11
OSV
added 2024/08/27 11:37 a.m. · 4 views

MAL-2024-8049 Malicious code in helmet-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a74efd393386b80f2e23844014fbe6d7ac6b8c4b4251c6442b8b0007df1d136 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2024/08/27 11:37 a.m. · 2 views

Malicious code in helmet-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a74efd393386b80f2e23844014fbe6d7ac6b8c4b4251c6442b8b0007df1d136 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
RedhatCVE
added 2024/08/19 2:46 p.m. · 21 views

CVE-2024-42286

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx 0000:04:00.0-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer...

5.5 CVSS · 6.8 AI score · 0.00236 EPSS
Exploits 0 · References 4
SUSE CVE
added 2024/08/06 2:1 a.m. · 9 views

SUSE CVE-2024-41042

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validate callback in...

4.4 CVSS · 6.5 AI score · 0.0032 EPSS
Exploits 0 · References 17
CVE
added 2024/08/02 10:10 a.m. · 72 views

CVE-2024-40720

The CVE-2024-40720 entry concerns CHANGING Information Technology’s TCBServiSign Windows Version. A specific API fails to properly validate server-side input, enabling unauthenticated, remote attackers to modify the HKEY_CURRENT_USER registry when a user visits a spoofed website and execute arbit...

8.8 CVSS · 9 AI score · 0.0056 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/08/01 3:32 p.m. · 10 views

GHSA-9FPW-C9X7-CV3J Mattermost allows remote actor to set arbitrary RemoteId values for synced users

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

5.1 CVSS · 4.3 AI score · 0.00175 EPSS
Exploits 0 · References 5
Debian CVE
added 2024/07/30 7:46 a.m. · 28 views

CVE-2024-42154

In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all neither does it for IPv6 but v6 is manual...

4.4 CVSS · 5.5 AI score · 0.00258 EPSS
Exploits 0
Cvelist
added 2024/07/29 5:35 p.m. · 25 views

CVE-2024-42092 gpio: davinci: Validate the obtained number of IRQs

In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can be out of chips->irqs...

0.00223 EPSS
Exploits 0 · References 8
CNNVD
added 2024/07/29 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a hit to the stack protection page due to an unbounded recursion that could result from old loop detection...

7.8 CVSS · 6.6 AI score · 0.0032 EPSS
Exploits 0 · References 3
Oracle linux
added 2024/07/18 12:0 a.m. · 297 views

libndp security update

1.8-6 - Validate route information option length 1.8-5 - Convert the license tag to SPDX format Related: RHELMISC-1363...

8.1 CVSS · 6.6 AI score · 0.01165 EPSS
Exploits 0
Vulnrichment
added 2024/07/12 12:25 p.m. · 15 views

CVE-2024-40930 wifi: cfg80211: validate HE operation element parsing

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: validate HE operation element parsing Validate that the HE operation element has the correct length before parsing it...

6.9 AI score · 0.00208 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/07/10 12:0 a.m. · 4 views

PT-2024-29801 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from a change in how the maximum segment size is handled, specifically in the sdhci component. The function blk queue max segment size ensures that the maximum size is...

7.5 CVSS · 6.4 AI score · 0.00182 EPSS
Exploits 0 · References 14