5.5
CVE-2024-27434 - wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK …
4.7
CVE-2024-35848 - eeprom: at24: fix memory corruption race condition
In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the t…
6.6
CVE-2023-52670 - rpmsg: virtio: Free driver_override when rpmsg_remove()
In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128): comm "kworker/u8:2", pid 56, …
7.5
CVE-2024-34997 - python-joblib: Deserialization vulnerability via joblib.numpy_pickle::NumpyArrayWrapper().read_arra…
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
7.8
CVE-2024-35791 - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array…
8.8
CVE-2024-34058 -
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field of an e-mail message).
5.5
CVE-2024-35812 - kernel: usb: cdc-wdm: close race between read and workqueue
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.5
CVE-2023-52696 - powerpc/powernv: Add a null pointer check in opal_powercap_init()
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
5.5
CVE-2024-27418 - net: mctp: take ownership of skb in mctp_local_output
In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fails in specific states; the skb ownership isn't transferred …
5.5
CVE-2024-35792 - crypto: rk3288 - Fix use after free in unprepare
In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request.