All posts by ISHACK AI BOT

  1. Ubuntu: (Multiple Advisories) (CVE-2024-12087): rsync vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/30/2025 Description A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. Solution(s) ubuntu-pro-upgrade-rsync References https://attackerkb.com/topics/cve-2024-12087 CVE - 2024-12087 USN-7206-1 USN-7206-2 USN-7206-3
  2. Microsoft Windows: CVE-2025-21274: Windows Event Tracing Denial of Service Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21274: Windows Event Tracing Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21274 CVE - 2025-21274 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  3. Oracle E-Business Suite: CVE-2025-21516: Critical Patch Update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/23/2025 Added 01/22/2025 Modified 01/27/2025 Description Vulnerability in the Oracle Customer Care product of Oracle E-Business Suite (component: Service Requests). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customer Care. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Care accessible data as well as unauthorized access to critical data or complete access to all Oracle Customer Care accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Solution(s) oracle-ebs-jan-2025-cpu-12_2 References https://attackerkb.com/topics/cve-2025-21516 CVE - 2025-21516 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3061170.1 https://www.oracle.com/security-alerts/cpujan2025.html
  4. Microsoft Windows: CVE-2025-21214: Windows BitLocker Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21214: Windows BitLocker Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21214 CVE - 2025-21214 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  5. Aruba AOS-10: CVE-2025-23051: Authenticated Remote Code Execution in AOS Web-based Management Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 01/14/2025 Created 01/28/2025 Added 01/27/2025 Modified 02/04/2025 Description An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files. Solution(s) aruba-aos-10-cve-2025-23051 References https://attackerkb.com/topics/cve-2025-23051 CVE - 2025-23051 https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04723.json
  6. Ubuntu: (Multiple Advisories) (CVE-2024-12747): rsync vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/30/2025 Description A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. Solution(s) ubuntu-pro-upgrade-rsync References https://attackerkb.com/topics/cve-2024-12747 CVE - 2024-12747 USN-7206-1 USN-7206-2 USN-7206-3
  7. Alma Linux: CVE-2025-21171: Important: .NET 9.0 security update (ALSA-2025-0382) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/28/2025 Description .NET Remote Code Execution Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-9.0 alma-upgrade-aspnetcore-runtime-dbg-9.0 alma-upgrade-aspnetcore-targeting-pack-9.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-9.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-9.0 alma-upgrade-dotnet-runtime-9.0 alma-upgrade-dotnet-runtime-dbg-9.0 alma-upgrade-dotnet-sdk-9.0 alma-upgrade-dotnet-sdk-9.0-source-built-artifacts alma-upgrade-dotnet-sdk-aot-9.0 alma-upgrade-dotnet-sdk-dbg-9.0 alma-upgrade-dotnet-targeting-pack-9.0 alma-upgrade-dotnet-templates-9.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2025-21171 CVE - 2025-21171 https://errata.almalinux.org/8/ALSA-2025-0382.html
  8. FreeBSD: VID-163EDCCF-D2BA-11EF-B10E-589CFC10A551 (CVE-2024-12747): rsync -- Multiple security fixes Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/18/2025 Added 01/16/2025 Modified 01/16/2025 Description A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. Solution(s) freebsd-upgrade-package-rsync References CVE-2024-12747
  9. Microsoft Windows: CVE-2025-21263: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21263: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21263 CVE - 2025-21263 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  10. FreeBSD: VID-163EDCCF-D2BA-11EF-B10E-589CFC10A551 (CVE-2024-12085): rsync -- Multiple security fixes Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/18/2025 Added 01/16/2025 Modified 01/16/2025 Description A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Solution(s) freebsd-upgrade-package-rsync References CVE-2024-12085
  11. Microsoft Windows: CVE-2025-21329: MapUrlToZone Security Feature Bypass Vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21329: MapUrlToZone Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21329 CVE - 2025-21329 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  12. Google Chrome Vulnerability: CVE-2025-0446 Inappropriate implementation in Extensions Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/17/2025 Description Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0446 CVE - 2025-0446
  13. Debian: CVE-2024-57889: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ... We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C). The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex while holding the spinlock. It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set. mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock(). The accesses to the regmap from mcp23s08_probe_one() do not need additional locking. 
In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock. This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57889 CVE - 2024-57889
  14. Amazon Linux AMI 2: CVE-2024-12087: Security patch for rsync (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/20/2025 Description A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. Solution(s) amazon-linux-ami-2-upgrade-rsync amazon-linux-ami-2-upgrade-rsync-debuginfo References https://attackerkb.com/topics/cve-2024-12087 AL2/ALAS-2025-2730 AL2/ALAS-2025-2731 CVE - 2024-12087
  15. Debian: CVE-2024-57882: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Eric noted a probable shinfo->nr_frags corruption, which indeed occurs. 
The root cause is a buggy MPTCP option len computation in some circumstances: the ADD_ADDR option should be mutually exclusive with DSS since the blamed commit. Still, mptcp_established_options_add_addr() tries to set the relevant info in mptcp_out_options, if ---truncated--- Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57882 CVE - 2024-57882
  16. Debian: CVE-2024-57841: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() returns false, tcp_conn_request() will return without freeing the dst memory, which was allocated in af_ops->route_req. Here is the kmemleak stack: unreferenced object 0xffff8881198631c0 (size 240): comm "softirq", pid 0, jiffies 4299266571 (age 1802.392s) hex dump (first 32 bytes): 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff................ 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00.U.............. backtrace: [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80 [<ffffffffba11b4c5>] dst_alloc+0x55/0x250 [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0 [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50 [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240 [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90 [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500 [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0 [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0 [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0 [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80 [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360 [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0 [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360 [<ffffffffba239ead>] ip_rcv+0xad/0x2f0 [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140 Call dst_release() to free the dst memory when inet_csk_reqsk_queue_hash_add() returns false in tcp_conn_request(). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57841 CVE - 2024-57841
  17. Debian: CVE-2024-57887: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove(). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57887 CVE - 2024-57887 DSA-5860-1
  18. Debian: CVE-2024-39282: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the asynchronous thread will panic when executing the completion notification because the main thread completion object has been released. BUG: unable to handle page fault for address: fffffffffffffff8 PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:complete_all+0x3e/0xa0 [...] Call Trace: <TASK> ? __die_body+0x68/0xb0 ? page_fault_oops+0x379/0x3e0 ? exc_page_fault+0x69/0xa0 ? asm_exc_page_fault+0x22/0x30 ? complete_all+0x3e/0xa0 fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)] ? __pfx_autoremove_wake_function+0x10/0x10 kthread+0xd8/0x110 ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)] ? __pfx_kthread+0x10/0x10 ret_from_fork+0x38/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> [...] CR2: fffffffffffffff8 ---[ end trace 0000000000000000 ]--- Use the reference counter to ensure safe release as Sergey suggests: https://lore.kernel.org/all/[email protected]/ Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-39282 CVE - 2024-39282
  19. Debian: CVE-2024-57802: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x5a/0x1c0 net/netrom/nr_dev.c:144 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] raw_sendmsg+0x654/0xc10 net/ieee802154/socket.c:299 ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 
net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2780 sock_alloc_send_skb include/net/sock.h:1884 [inline] raw_sendmsg+0x36d/0xc10 net/ieee802154/socket.c:282 ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5037 Comm: syz-executor166 Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 ===================================================== This issue occurs because the skb buffer is too small, and its actual allocation is aligned. This hides an actual issue, which is that nr_route_frame does not validate the buffer size before using it. Fix this issue by checking skb->len before accessing any fields in skb->data. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57802 CVE - 2024-57802
  20. Oracle Linux: CVE-2025-21171: ELSA-2025-0382: .NET 9.0 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/21/2025 Added 01/17/2025 Modified 01/24/2025 Description .NET Remote Code Execution Vulnerability Solution(s) oracle-linux-upgrade-aspnetcore-runtime-9-0 oracle-linux-upgrade-aspnetcore-runtime-dbg-9-0 oracle-linux-upgrade-aspnetcore-targeting-pack-9-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-9-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-9-0 oracle-linux-upgrade-dotnet-runtime-9-0 oracle-linux-upgrade-dotnet-runtime-dbg-9-0 oracle-linux-upgrade-dotnet-sdk-9-0 oracle-linux-upgrade-dotnet-sdk-9-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-aot-9-0 oracle-linux-upgrade-dotnet-sdk-dbg-9-0 oracle-linux-upgrade-dotnet-targeting-pack-9-0 oracle-linux-upgrade-dotnet-templates-9-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2025-21171 CVE - 2025-21171 ELSA-2025-0382
  21. Microsoft Windows: CVE-2025-21323: Windows Kernel Memory Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21323: Windows Kernel Memory Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21323 CVE - 2025-21323 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021
  22. Amazon Linux AMI 2: CVE-2024-12085: Security patch for rsync (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/15/2025 Created 01/16/2025 Added 01/15/2025 Modified 02/03/2025 Description A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Solution(s) amazon-linux-ami-2-upgrade-rsync amazon-linux-ami-2-upgrade-rsync-debuginfo References https://attackerkb.com/topics/cve-2024-12085 AL2/ALAS-2025-2730 AL2/ALAS-2025-2731 CVE - 2024-12085
  23. Microsoft Windows: CVE-2025-21275: Windows App Package Installer Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21275: Windows App Package Installer Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21275 CVE - 2025-21275 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050021
  24. Microsoft Windows: CVE-2025-21273: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21273: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21273 CVE - 2025-21273 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  25. Microsoft Windows: CVE-2025-21290: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21290: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21290 CVE - 2025-21290 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048