Showing 1 - 5 of 5

CVE-2024-35846

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with. Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252

Related Files

Ubuntu Security Notice USN-6949-2: Posted Aug 14, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6949-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, kernel; systems | linux, ubuntu; advisories | CVE-2023-52882, CVE-2024-27394, CVE-2024-27395, CVE-2024-27398, CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35850, CVE-2024-35852, CVE-2024-35854, CVE-2024-35856, CVE-2024-35858, CVE-2024-35859, CVE-2024-35949; SHA-256 | cd80fe22658722af52da15543cf446c4bb8a4031831b20aed105f0e174f6fe35; Download | Favorite | View

Ubuntu Security Notice USN-6952-2: Posted Aug 14, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6952-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2023-52882, CVE-2024-25742, CVE-2024-27394, CVE-2024-27395, CVE-2024-27396, CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35849, CVE-2024-35852, CVE-2024-35853, CVE-2024-35855, CVE-2024-35857, CVE-2024-35858; SHA-256 | 2ec5b9718d9b9c02dfbc17231e580ae35883ce5fe7b5f347d0827492d4006ee2; Download | Favorite | View

Ubuntu Security Notice USN-6955-1: Posted Aug 13, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6955-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, kernel; systems | linux, ubuntu; advisories | CVE-2023-52882, CVE-2024-27396, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35850, CVE-2024-35852, CVE-2024-35854, CVE-2024-35858, CVE-2024-35947, CVE-2024-35949, CVE-2024-35983; SHA-256 | f52294c61eaa6af90fd8451686e8bc506a5d1b65dae9073f40211e6668f02be8; Download | Favorite | View

Ubuntu Security Notice USN-6952-1: Posted Aug 9, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6952-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2023-52882, CVE-2024-25742, CVE-2024-27394, CVE-2024-27395, CVE-2024-27396, CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35849, CVE-2024-35852, CVE-2024-35853, CVE-2024-35855, CVE-2024-35857, CVE-2024-35858; SHA-256 | 4096317c1a9bde967a3c305817802b1b430dad31a7749285f4b9eebbdce233f9; Download | Favorite | View

Ubuntu Security Notice USN-6949-1: Posted Aug 9, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, kernel; systems | linux, ubuntu; advisories | CVE-2023-52882, CVE-2024-27394, CVE-2024-27395, CVE-2024-27398, CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35850, CVE-2024-35852, CVE-2024-35854, CVE-2024-35856, CVE-2024-35858, CVE-2024-35859, CVE-2024-35949; SHA-256 | 321410c5b4251ead308a6d0e8e636928b98e29f0e76f8570af6ff7cec4a63b09; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 137 files
Ubuntu 72 files
Gentoo 33 files
Debian 28 files
Sebastian Hamann 8 files
Jann Horn 7 files
Jaggar Henry 6 files
Google Security Research 6 files
Moritz Abrell 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,945)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,659)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

CVE-2024-35846

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems