kernel: gadgetfs: ep_io - wait until IRQ finishes

A flaw was found in the gadgetfs module in the Linux kernel. If the waitforcompletioninterruptible function is interrupted, the driver does not wait for the interrupt to finish, causing stack corruption and resulting in a denial of service...

kernel: blk-throttle: prevent overflow while calculating wait time

In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tgwithinbpslimit that 'bpslimit jiffyelapsedrnd' might overflow. Fix the problem by calling mulu64u64divu64 instead...

kernel: scsi: sg: Allow waiting for commands to complete on removed device

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before t...

PT-2025-26141 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been resolved, related to the SCSI device removal while in active use. When a SCSI device is removed, the kernel would immediately return an error on...

SUSE CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvbfrontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASKRUNNING. In dvbfrontendgetevent, waiteventinterruptible is called; the condition is dvbfrontendtesteventfepriv,events. In dvbfrontendtestevent,...

AZL-28505 CVE-2023-31084 affecting package hyperv-daemons for versions less than 5.15.158.2-1

An issue was discovered in drivers/media/dvb-core/dvbfrontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASKRUNNING. In dvbfrontendgetevent, waiteventinterruptible is called; the condition is dvbfrontendtesteventfepriv,events. In dvbfrontendtestevent,...

DEBIAN-CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvbfrontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASKRUNNING. In dvbfrontendgetevent, waiteventinterruptible is called; the condition is dvbfrontendtesteventfepriv,events. In dvbfrontendtestevent,...

UBUNTU-CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvbfrontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASKRUNNING. In dvbfrontendgetevent, waiteventinterruptible is called; the condition is dvbfrontendtesteventfepriv,events. In dvbfrontendtestevent,...

The vulnerability of the BIND DNS server arises from improper resource termination or release, which leads to incomplete cleanup. This allows attackers to trigger an attack on the service.

The vulnerability of the BIND DNS server relates to improper termination of resources or resource release, which leads to incomplete cleanup. Exploiting this vulnerability allows a malicious actor to send specially crafted TCP packets with ‘keep-response-order’ enabled. This can result in...

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.

...

Malicious Package

Overview karma-wait-for-load is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

SUSE CVE-2007-5500

The waittaskstopped function in the Linux kernel before 2.6.23.8 checks a TASKTRACED bit instead of an exitstate value, which allows local users to cause a denial of service machine crash via unspecified vectors. NOTE: some of these details are obtained from third party information...

SUSE CVE-2009-1926

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service TCP outage via a series of TCP sessions that have pending data and a 1 small or 2 zero receive window size, and remain in the...

SUSE CVE-2010-4526

Race condition in the sctpicmpprotounreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service panic via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and...

SUSE CVE-2011-1947

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...

SUSE CVE-2012-6647

The futexwaitrequeuepi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted...

SUSE CVE-2014-0205

The futexwait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service use-after-free and system crash or possibly gain privileges via a crafted application th...

SUSE CVE-2015-2706

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a crafted plugin that does not properly complete initialization...

SUSE CVE-2017-6353

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service invalid unlock and double free via a multithreaded application. NOTE: this vulnerability exists because...

SUSE CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...