exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2022-48666

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free There are two .exit_cmd_priv implementations. Both implementations use resources associated with the SCSI host. Make sure that these resources are still available when .exit_cmd_priv is called by waiting inside scsi_remove_host() until the tag set has been freed. This commit fixes the following use-after-free: ================================================================== BUG: KASAN: use-after-free in srp_exit_cmd_priv+0x27/0xd0 [ib_srp] Read of size 8 at addr ffff888100337000 by task multipathd/16727 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report.cold+0x5e/0x5db kasan_report+0xab/0x120 srp_exit_cmd_priv+0x27/0xd0 [ib_srp] scsi_mq_exit_request+0x4d/0x70 blk_mq_free_rqs+0x143/0x410 __blk_mq_free_map_and_rqs+0x6e/0x100 blk_mq_free_tag_set+0x2b/0x160 scsi_host_dev_release+0xf3/0x1a0 device_release+0x54/0xe0 kobject_put+0xa5/0x120 device_release+0x54/0xe0 kobject_put+0xa5/0x120 scsi_device_dev_release_usercontext+0x4c1/0x4e0 execute_in_process_context+0x23/0x90 device_release+0x54/0xe0 kobject_put+0xa5/0x120 scsi_disk_release+0x3f/0x50 device_release+0x54/0xe0 kobject_put+0xa5/0x120 disk_release+0x17f/0x1b0 device_release+0x54/0xe0 kobject_put+0xa5/0x120 dm_put_table_device+0xa3/0x160 [dm_mod] dm_put_device+0xd0/0x140 [dm_mod] free_priority_group+0xd8/0x110 [dm_multipath] free_multipath+0x94/0xe0 [dm_multipath] dm_table_destroy+0xa2/0x1e0 [dm_mod] __dm_destroy+0x196/0x350 [dm_mod] dev_remove+0x10c/0x160 [dm_mod] ctl_ioctl+0x2c2/0x590 [dm_mod] dm_ctl_ioctl+0x5/0x10 [dm_mod] __x64_sys_ioctl+0xb4/0xf0 dm_ctl_ioctl+0x5/0x10 [dm_mod] __x64_sys_ioctl+0xb4/0xf0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0

Related Files

Ubuntu Security Notice USN-7123-1
Posted Nov 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7123-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, x86, kernel
systems | linux, ubuntu
advisories | CVE-2022-48666, CVE-2023-52757, CVE-2023-52889, CVE-2023-6610, CVE-2024-25744, CVE-2024-26661, CVE-2024-26669, CVE-2024-26800, CVE-2024-38577, CVE-2024-38602, CVE-2024-38611, CVE-2024-40915, CVE-2024-41011, CVE-2024-41012
SHA-256 | 0f33e2b0d9d4e9003aac62a268df3eec34205925efe7c3aefc683aecc1fe44d6
Download | Favorite | View
Ubuntu Security Notice USN-7100-2
Posted Nov 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7100-2 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, arbitrary, x86, kernel
systems | linux, ubuntu
advisories | CVE-2022-48666, CVE-2024-25744, CVE-2024-26607, CVE-2024-26669, CVE-2024-26893, CVE-2024-36484, CVE-2024-38577, CVE-2024-38602, CVE-2024-38611, CVE-2024-39472, CVE-2024-40915, CVE-2024-41011, CVE-2024-41012, CVE-2024-41017
SHA-256 | 163422edaa457d7b18dd68f3c52d86764e74e2b0d95f740cb2caa422b41f81a3
Download | Favorite | View
Ubuntu Security Notice USN-7100-1
Posted Nov 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7100-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, arbitrary, x86, kernel
systems | linux, ubuntu
advisories | CVE-2022-48666, CVE-2024-25744, CVE-2024-26607, CVE-2024-26800, CVE-2024-26893, CVE-2024-36484, CVE-2024-38577, CVE-2024-38602, CVE-2024-38611, CVE-2024-39472, CVE-2024-40915, CVE-2024-41012, CVE-2024-41015, CVE-2024-41020
SHA-256 | 149202c681713c94c011a6f610cf658675b27f1348643a377029ea858ada57be
Download | Favorite | View
Debian Security Advisory 5747-1
Posted Aug 13, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5747-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2022-48666, CVE-2024-36484, CVE-2024-36901, CVE-2024-36938, CVE-2024-39487, CVE-2024-40947, CVE-2024-41007, CVE-2024-41009, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41020, CVE-2024-41022, CVE-2024-41034
SHA-256 | 681fbead1045bb89c67ccc16ba3dc800a976b5fa19d6823e08cbfac850de4ba1
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close