155 matches found
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49111: Bluetooth: Fix use after free in hcisendacl bsc1237984. CVE-2025-21726: padata: avoid UAF for reorderwork bsc1238865. CVE-2025-21785: arm64: cacheinfo:...
SUSE-SU-2025:01627-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21726: padata: avoid UAF for reorderwork bsc1238865. - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array bsc1238747. -...
CLSA-2025-1747688831 kernel: Fix of 20 CVEs
drm/dpmst: Ensure mstprimary pointer is valid in drmdpmsthandleupreq CVE-2024-57798 - block: Fix handling of offline queues in blkmqallocrequesthctx CVE-2022-49720 - drm: nv04: Fix out of bounds access CVE-2024-27008 - parport: Proper fix for array out-of-bounds access CVE-2024-50074 - Bluetooth:...
CLSA-2025-1747688514 kernel: Fix of 19 CVEs
block: Fix handling of offline queues in blkmqallocrequesthctx CVE-2022-49720 - drm: nv04: Fix out of bounds access CVE-2024-27008 - parport: Proper fix for array out-of-bounds access CVE-2024-50074 - drm/dpmst: Ensure mstprimary pointer is valid in drmdpmsthandleupreq CVE-2024-57798 - media:...
OESA-2025-1450 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ntbhwswitchtec: Fix shift-out-of-bounds in switchtecntbmwsettrans There is a kernel API ntbmwcleartrans would pass 0 to both addr and size. This would make...
SUSE CVE-2025-21791
In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdevl3out l3mdevl3out can be called without RCU being held: rawsendmsg ippushpendingframes ipsendskb iplocalout iplocalout l3mdevipout Add rcureadlock / rcureadunlock pair to avoid a potential UAF...
DEBIAN-CVE-2025-21791
In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdevl3out l3mdevl3out can be called without RCU being held: rawsendmsg ippushpendingframes ipsendskb iplocalout iplocalout l3mdevipout Add rcureadlock / rcureadunlock pair to avoid a potential UAF...
UBUNTU-CVE-2025-21791
In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdevl3out l3mdevl3out can be called without RCU being held: rawsendmsg ippushpendingframes ipsendskb iplocalout iplocalout l3mdevipout Add rcureadlock / rcureadunlock pair to avoid a potential UAF...
CVE-2024-49980
In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. devqueuexmit has the following: / Disable soft...
CVE-2024-49980
In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. devqueuexmit has the following: / Disable soft...
CVE-2024-49980 vrf: revert "vrf: Remove unnecessary RCU-bh critical section"
In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. devqueuexmit has the following: / Disable soft...
CVE-2024-49980 vrf: revert "vrf: Remove unnecessary RCU-bh critical section"
In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. devqueuexmit has the following: / Disable soft...
CVE-2024-49980
CVE-2024-49980 affects the Linux kernel VRF path. The issue stems from removing an RCU-bh critical section around dev_queue_xmit_nit, which violated an invariant and could cause an inconsistent lock state, potentially enabling a deadlock during packet reception when BH is disabled. The vulnerabil...
frr security and bug fix update
8.3.1-11 - Resolves: RHEL-2263 - bgpd: Do not explicitly print MAXTTL value for ebgp-multihop vty output 8.3.1-10 - Related: 2216912 - adding sysadmin to capabilities 8.3.1-9 - Resolves: 2215346 - frr policy does not allow the execution of /usr/sbin/ipsec 8.3.1-8 - Resolves: 2216912 - SELinux is...
Tray tile characterIndex values (via PRNG) can be manipulated by miners
Lines of code Vulnerability details Impact By manipulating the ordering of transactions in blocks, miners could manipulate the characterIndex values of a Tray's tiles. This could result in miners being able to specifically select characterIndex values that they want for specific Tray tiles, rathe...
Some figures are more likely to be drawn
Lines of code Vulnerability details Description The function reconstructTicket generate the winning ticket the from the ramdom number generated by Chainlink VRF V2. The design of this function makes the occurrence of some numbers more likely than others. Impact With the current implementation and...
Lottery owner can rig the draw to win the jackpot by swapping the source
Lines of code Vulnerability details Lottery owner can rig the draw to win the jackpot by swapping the source Impact The lottery owner has the ability to swap the Random Source under certain cirumstances, and this can be exploited to set a new source contract that returns any number set by it. Thi...
Lottery owner can manipulate the RNG to favour themselves, or other certain participants
Lines of code Vulnerability details The docs state that Chainlink VRF will be used as the source of randomness, whose subscription model is described here. A call is made to Chainlink's VRFCoordinatorV2 requestRandomWords function, after which a response is sent back in the form of a call to...
Malicious ChainLink's VRF manager can decide to not whitelist VRFNFTRandomDraw or brick ongoing raffles
Lines of code Vulnerability details Impact ChainLinks VRF manager has priviledged position, as all VRFNFTRandomDraw instances share the same VRFCoordinatorV2 address, and have to be whitelisted in order to be able to send requestRandomWords function. There is centralization risk in this case, tha...
Miners Can Re-Roll the VRF Output to Game the Protocol
Lines of code Vulnerability details Impact Miners are able to rewrite a chain's history if they dislike the VRF output used by the protocol. Consider the following example: A miner or well-funded user is participating in the PoolTogether protocol. A VRF request is made and fulfilled in the same...