348 matches found
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero CVE-2024-26982 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm-srcu when handling KVMSETVCPUEVENTS...
SUSE CVE-2024-58083
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
CVE-2024-58083
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
UBUNTU-CVE-2024-58083
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
CVE-2024-58083 KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
CVE-2024-58083 KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
CVE-2024-58083 KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
CVE-2024-58083
CVE-2024-58083 affects the Linux kernel KVM: the target vCPU was not reliably verified online before clamping the index in kvm_get_vcpu(). If the index is bad, nospec clamping could return vCPU0, leading to a use‑after‑free when vCPU0 is dereferenced. The issue is mitigated by ensuring vCPU0 is o...
CVE-2024-58083
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
Linux Distros Unpatched Vulnerability : CVE-2024-58083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU...
Linux Distros Unpatched Vulnerability : CVE-2024-50114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller ha...
Linux Distros Unpatched Vulnerability : CVE-2024-53195
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: Get rid of userspaceirqchipinuse Improper use of userspaceirqchipinuse led to syzbot hitting the following WARNON in kvmtimerupdateirq: WARNING: CP...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommusvabinddevice CVE-2024-40945 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth CVE-2024-53166 In the Linux kernel, the...
CVE-2022-49101
CVE-2022-49101 entry is rejected by the CVE Numbering Authority and does not represent an active vulnerability.
SUSE CVE-2024-57949
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in itsirqsetvcpuaffinity The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irqsetvcpuaffinity irqgetdesclock rawspinlockirqsave --- Disable...
AZL-56553 CVE-2024-57949 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in itsirqsetvcpuaffinity The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irqsetvcpuaffinity irqgetdesclock rawspinlockirqsave --- Disable...
CVE-2024-57949 irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in itsirqsetvcpuaffinity The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irqsetvcpuaffinity irqgetdesclock rawspinlockirqsave --- Disable...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from enabling interrupts in the itsirqsetvcpuaffinity function...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48742: rtnetlink: make sure to refresh masterdev/mops in rtnlnewlink bsc1226694. CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in...
CVE-2024-53195
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Get rid of userspaceirqchipinuse Improper use of userspaceirqchipinuse led to syzbot hitting the following WARNON in kvmtimerupdateirq: WARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/archtimer.c:459...