9593 matches found
CVE-2024-38623
A vulnerability was found in the Linux kernel's NTFS3 filesystem module. This issue has been resolved by switching from a fixed-size array to a variable-length array. This change mitigates the risk of buffer overflows that could potentially be exploited by attackers. Mitigation Mitigation for thi...
CVE-2024-6240
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacke...
DEBIAN-CVE-2024-38623
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)...
CVE-2024-38623
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)...
CVE-2024-38624
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression: vbo = 2 * vbo + skip...
CVE-2024-38623
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)...
UBUNTU-CVE-2024-38623
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)...
CVE-2024-38623 fs/ntfs3: Use variable length array instead of fixed size
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)...
CVE-2024-38624 fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression: vbo = 2 * vbo + skip...
CVE-2024-38623 fs/ntfs3: Use variable length array instead of fixed size
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)...
SUSE CVE-2022-48769
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fs/ntfs3 module not using variable-length arrays instead of fixed sizes...
DEBIAN-CVE-2022-48769
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...
CVE-2022-48769
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...
CVE-2022-48749
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, it is used before the check. Initialize the "base" variable after the sanity check to avoid a possible...
UBUNTU-CVE-2022-48769
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...
CVE-2022-48756 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used before the check. Initialize the "dev" variable after the sanity check to avoid a possible NU...
PT-2024-6542 · Vmware · Vmware Fusion
Name of the Vulnerable Software and Affected Versions: VMware Fusion versions 13.x before 13.6 Description: The issue is related to insufficient input validation, allowing an attacker to execute arbitrary code in the context of the Fusion application. A malicious actor with standard user privileg...
Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
USN-6818-4: Linux kernel (HWE) vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was...