7.8
CVE-2024-47742 - firmware_loader: Block path traversal
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple coβ¦
8.8
CVE-2024-41714 -
A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successfulβ¦
5.5
CVE-2022-48968 - octeontx2-pf: Fix potential memory leak in otx2_init_tc()
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap().
5.5
CVE-2022-48972 - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_callβ¦
7.8
CVE-2022-49014 - net: tun: Fix use-after-free in tun_detach()
In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach() syzbot reported use-after-free in tun_detach() [1]. This causes call trace like below: ================================================================== BUG: KASAN: use-after-free iβ¦
9.1
CVE-2024-40089 -
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.
5.5
CVE-2024-49975 - uprobes: fix kernel info leak via "[uprobes]" vma
In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC resultβ¦
5.5
CVE-2024-49993 - kernel: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2024-49963 - mailbox: bcm2835: Fix timeout during suspend mode
In the Linux kernel, the following vulnerability has been resolved: mailbox: bcm2835: Fix timeout during suspend mode During noirq suspend phase the Raspberry Pi power driver suffer of firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled and rpi_firβ¦
5.5
CVE-2024-50065 - ntfs3: Change to non-blocking allocation in ntfs_d_hash
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Change to non-blocking allocation in ntfs_d_hash d_hash is done while under "rcu-walk" and should not sleep. __get_name() allocates using GFP_KERNEL, having the possibility to sleep when under memory pressure. Change the aβ¦