SUSE CVE-2024-26606

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In epoll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDERWRITEREAD without a read buffer...

CVE-2021-46917

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix wq cleanup of WQCFG registers A pre-release silicon erratum workaround where wq reset does not clear WQCFG registers was leaked into upstream code. Use wq reset command instead of blasting the MMIO region. Th...

CVE-2021-46919

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix wq size store permission state WQ size can only be changed when the device is disabled. Current code allows change when device is enabled but wq is disabled. Change the check to detect device state...

DEBIAN-CVE-2021-46917

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix wq cleanup of WQCFG registers A pre-release silicon erratum workaround where wq reset does not clear WQCFG registers was leaked into upstream code. Use wq reset command instead of blasting the MMIO region. Th...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the removal of the WQMEMRECLAIM flag from a stateful work queue...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a wq reset that does not clear the WQCFG register...

PT-2024-2973 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the dmaengine component, specifically the idxd module, in the Linux kernel. It allows changes to be made when the device is enabled but the wq work queue is...

SUSE CVE-2023-4133

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flowerstatstimer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition...

CVE-2023-4133

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flowerstatstimer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition...

kernel: driver core: fix deadlock in __device_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...

kernel: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE

A flaw was found in the lpfc module in the Linux kernel. A missing release of allocated memory when an error occurs will cause a memory leak, potentially impacting system performance and resulting in a denial of service...

PT-2022-35828 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue arises when the code attempts to access the sk wq of a socket sock that is already dead. This could potentially lead to security vulnerabilities, although the actual impact and...

PT-2022-35493 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue arises when the code attempts to access the sk wq of a socket sock that is already dead. This could potentially lead to security vulnerabilities, although the actual impact and...

PT-2022-35749 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.262 Description: The issue arises when the code attempts to access the sk wq of a socket sock that is already dead. This could potentially lead to security vulnerabilities, although the actual impact and...

GSD-2022-1005280 Bluetooth: When HCI work queue is drained, only queue chained work

Bluetooth: When HCI work queue is drained, only queue chained work This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...

CVE-2022-34558

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...

PYSEC-2022-43174

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...

PYSEC-2022-43163

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...

PYSEC-2022-43136

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...

kernel: RDMA/rxe: Return CQE error if invalid lkey was supplied

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCALWRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. leonro@...