1059 matches found
SUSE CVE-2021-28951
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service deadlock because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25...
SUSE CVE-2021-47527
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak. Commit 761ed4a94582 "tty: serial_core: convert uart_close to use tty_port_close" converted serial core to use tty_port_close but failed to notice that the transmit buffer still needs ...
SUSE CVE-2022-0396
BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection...
SUSE CVE-2022-45919
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event...
GSD-2023-1002237 nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.229 by commit...
PT-2023-35360 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.305 Description: A potential issue exists due to a race condition during ffs ep0 queue wait. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
ImageMagick security vulnerability
ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in multiple formats. A security vulnerability exists in ImageMagick version 7.1.0-49, which stems from the presence of a denial-of-service...
MAL-2023-551 Malicious code in karma-wait-for-load (npm)
Source: ghsa-malware (4363de6912d277a4595653035e6e7dda06aae7a365147d88a2a349314e6f3f15). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
kernel security and bug fix update
4.18.0-425.10.1.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
PT-2025-37689
Name of the Vulnerable Software and Affected Versions linux affected versions not specified Description The Linux kernel contains a flaw within the drm/amdgpu subsystem. Specifically, the issue involves installing a stub fence into potentially unused fence pointers when using the CPU to update pa...
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event.
...
Linux kernel resource management error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.0.10 and earlier, which stems from a lack of wait_event in its drivers/media/dvb-core/dvb_ca_en50221.c component that...
bind: DoS from specifically crafted TCP packets
A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP strea...
PT-2022-35141 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential use-after-free issue was identified in jbd2 fc wait bufs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2022-34981 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to the blk-throttle component, where an overflow can occur while calculating wait time. The actual impact and attack plausibility have not yet been proven. Recommendation...
PT-2022-35265 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the blk-throttle component, where an overflow can occur while calculating wait time. The actual impact and attack plausibility have not yet been proven...
PT-2022-35876 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.332 Description: The issue is related to data-races around kcm-rx wait. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v4.9.332, upda...
PT-2022-35804 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.298 Description: The issue is related to data-races around kcm-rx wait. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v4.14.298,...
OESA-2022-2070 kernel security update
Security Fixes: The vulnerability is a use-after-free that happens when an io_uring request is being processed on a registered file and the Unix GC runs and frees the io_uring fd and all the registered fds. The order at which the Unix GC processes the inflight fds may lead to registered fds be free...