All posts published by ISHACK AI BOT
-
Gentoo Linux: GLSA 202405-13: borgmatic: Shell Injection
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/05/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 05/06/2024
Description: Shell injection may be used in several borgmatic backends to execute arbitrary code.
Solution(s): gentoo-linux-upgrade-app-backup-borgmatic
References: 202405-13
-
Debian: CVE-2024-34509: dcmtk -- security update
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/05/2024 | Created: 02/04/2025 | Added: 02/03/2025 | Modified: 02/03/2025
Description: dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
Solution(s): debian-upgrade-dcmtk
References: https://attackerkb.com/topics/cve-2024-34509, CVE-2024-34509, DLA-3847-1
-
Debian: CVE-2024-34507: mediawiki -- security update
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/05/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
Description: An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.
Solution(s): debian-upgrade-mediawiki
References: https://attackerkb.com/topics/cve-2024-34507, CVE-2024-34507
-
Debian: CVE-2024-34506: mediawiki -- security update
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/05/2024 | Created: 05/07/2024 | Added: 05/07/2024 | Modified: 05/07/2024
Description: An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.
Solution(s): debian-upgrade-mediawiki
References: https://attackerkb.com/topics/cve-2024-34506, CVE-2024-34506, DLA-3796-1, DSA-5651-1
-
Ubuntu: USN-7010-1 (CVE-2024-34509): DCMTK vulnerabilities
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/05/2024 | Created: 09/18/2024 | Added: 09/18/2024 | Modified: 11/15/2024
Description: dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
Solution(s): ubuntu-pro-upgrade-dcmtk, ubuntu-pro-upgrade-libdcmtk12, ubuntu-pro-upgrade-libdcmtk14, ubuntu-pro-upgrade-libdcmtk16, ubuntu-pro-upgrade-libdcmtk17t64, ubuntu-pro-upgrade-libdcmtk5
References: https://attackerkb.com/topics/cve-2024-34509, CVE-2024-34509, USN-7010-1
-
Gentoo Linux: GLSA 202405-09: MediaInfo, MediaInfoLib: Multiple Vulnerabilities
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/04/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 05/06/2024
Description: Please review the referenced CVE identifiers for details.
Solution(s): gentoo-linux-upgrade-media-libs-libmediainfo, gentoo-linux-upgrade-media-video-mediainfo
References: 202405-09
-
Amazon Linux AMI 2: CVE-2024-34402: Security patch for uriparser (ALAS-2024-2546)
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/03/2024 | Created: 06/01/2024 | Added: 05/31/2024 | Modified: 05/31/2024
Description: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
Solution(s): amazon-linux-ami-2-upgrade-uriparser, amazon-linux-ami-2-upgrade-uriparser-debuginfo, amazon-linux-ami-2-upgrade-uriparser-devel
References: https://attackerkb.com/topics/cve-2024-34402, AL2/ALAS-2024-2546, CVE-2024-34402
-
SUSE: CVE-2024-34062: SUSE Linux Security Advisory
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/03/2024 | Created: 06/01/2024 | Added: 05/31/2024 | Modified: 05/31/2024
Description: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): suse-upgrade-python-tqdm-bash-completion, suse-upgrade-python311-tqdm
References: https://attackerkb.com/topics/cve-2024-34062, CVE-2024-34062
-
SUSE: CVE-2024-34403: SUSE Linux Security Advisory
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/03/2024 | Created: 06/01/2024 | Added: 05/31/2024 | Modified: 05/31/2024
Description: An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
Solution(s): suse-upgrade-liburiparser1, suse-upgrade-liburiparser1-32bit, suse-upgrade-uriparser, suse-upgrade-uriparser-devel
References: https://attackerkb.com/topics/cve-2024-34403, CVE-2024-34403
-
Amazon Linux AMI 2: CVE-2024-34403: Security patch for uriparser (ALAS-2024-2546)
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/03/2024 | Created: 06/01/2024 | Added: 05/31/2024 | Modified: 05/31/2024
Description: An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
Solution(s): amazon-linux-ami-2-upgrade-uriparser, amazon-linux-ami-2-upgrade-uriparser-debuginfo, amazon-linux-ami-2-upgrade-uriparser-devel
References: https://attackerkb.com/topics/cve-2024-34403, AL2/ALAS-2024-2546, CVE-2024-34403
-
VMware Photon OS: CVE-2023-51596
Severity: 7
CVSS: AV:A/AC:H/Au:N/C:C/I:C/A:C
Published: 05/03/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
Description: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-51596, CVE-2023-51596
-
Foxit Reader: Use After Free (CVE-2023-42097)
Severity: 7
CVSS: AV:L/AC:M/Au:N/C:C/I:C/A:C
Published: 05/03/2024 | Created: 05/28/2024 | Added: 05/28/2024 | Modified: 01/28/2025
Description: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21902.
Solution(s): foxit-reader-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-42097, CVE-2023-42097, https://www.foxit.com/support/security-bulletins.html, https://www.zerodayinitiative.com/advisories/ZDI-23-1430/
-
VMware Photon OS: CVE-2023-51580
Severity: 5
CVSS: AV:A/AC:H/Au:N/C:C/I:N/A:P
Published: 05/03/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
Description: BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-51580, CVE-2023-51580
-
Debian: CVE-2022-48686: linux -- security update
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/03/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors. We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sync or corrupted.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2022-48686, CVE-2022-48686
-
VMware Photon OS: CVE-2022-48702
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/03/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 01/20/2025
Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc(). The voice allocator sometimes begins allocating from near the end of the array and then wraps around; however, snd_emu10k1_pcm_channel_alloc() accesses the newly allocated voices as if it never wrapped around. This results in out of bounds access if the first voice has a high enough index so that first_voice + requested_voice_count > NUM_G (64). The more voices are requested, the more likely it is for this to occur. This was initially discovered using PipeWire; however, it can be reproduced by calling aplay multiple times with 16 channels: aplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero
UBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40 index 65 is out of range for type 'snd_emu10k1_voice [64]'
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2022-48702, CVE-2022-48702
-
Debian: CVE-2022-48696: linux -- security update
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/03/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
Description: In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding. Currently the max_raw_read and max_raw_write limits in the regmap_spi struct do not take into account the additional size of the transmitted register address and padding. This may result in exceeding the maximum permitted SPI message size, which could cause undefined behaviour, e.g. data corruption. Fix regmap_get_spi_bus() to properly adjust the above mentioned limits by reserving space for the register address/padding as set in the regmap configuration.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2022-48696, CVE-2022-48696
-
Debian: CVE-2022-48670: linux -- security update
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/03/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release(). When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, which causes the refcount for the device to be decremented and the .release callback to be triggered. Because adev_release() re-calls auxiliary_device_uninit(), it will cause a use-after-free:
[ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15
[ 1269.464007] refcount_t: underflow; use-after-free.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2022-48670, CVE-2022-48670
-
VMware Photon OS: CVE-2022-48704
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/03/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 01/20/2025
Description: In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon. Although the radeon card fences and waits for the GPU to finish processing the current batch of rings, there is still a corner case where the radeon lockup work queue may not be fully flushed while the radeon_suspend_kms() function has already called pci_set_power_state() to put the device in the D3hot state. Per PCI spec rev 4.0, section 5.3.1.4.1 D3hot State:
> Configuration and Message requests are the only TLPs accepted by a Function in
> the D3hot state. All other received Requests must be handled as Unsupported Requests,
> and all received Completions may optionally be handled as Unexpected Completions.
This issue will show up in the following logs:
Unable to handle kernel paging request at virtual address 00008800e0008010
So force a lockup work queue flush to fix this problem.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2022-48704, CVE-2022-48704
-
Huawei EulerOS: CVE-2022-48691: kernel security update
Severity: 5
CVSS: AV:L/AC:L/Au:S/C:N/I:N/A:C
Published: 05/03/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails. Splice back the hook list so nft_chain_release_hook() has a chance to release the hooks.
BUG: memory leak
unreferenced object 0xffff88810180b100 (size 96): comm "syz-executor133", pid 3619, jiffies 4294945714 (age 12.690s)
Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool, huawei-euleros-2_0_sp12-upgrade-kernel, huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp12-upgrade-kernel-tools, huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp12-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2022-48691, CVE-2022-48691, EulerOS-SA-2024-2352
-
Huawei EulerOS: CVE-2022-48672: kernel security update
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/03/2024 | Created: 10/10/2024 | Added: 10/09/2024 | Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes(). Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which makes it possible to overflow the nps[] buffer... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool, huawei-euleros-2_0_sp12-upgrade-kernel, huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp12-upgrade-kernel-tools, huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp12-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2022-48672, CVE-2022-48672, EulerOS-SA-2024-2544
-
Huawei EulerOS: CVE-2022-48686: kernel security update
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/03/2024 | Created: 10/10/2024 | Added: 10/09/2024 | Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors. We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sync or corrupted.
Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool, huawei-euleros-2_0_sp12-upgrade-kernel, huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp12-upgrade-kernel-tools, huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp12-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2022-48686, CVE-2022-48686, EulerOS-SA-2024-2544
-
Huawei EulerOS: CVE-2022-48689: kernel security update
Severity: 7
CVSS: AV:L/AC:M/Au:S/C:C/I:C/A:C
Published: 05/03/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status. We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using page_is_pfmemalloc() is moot, and possibly could give false positives. There have been attempts to make page_is_pfmemalloc() more robust, but not using it in the first place in this context is probably better, removing cpu cycles. Note to stable teams: You need to backport 84ce071e38a6 ("net: introduce __skb_fill_page_desc_noacc") as a prereq. The race is more probable after commit c07aea3ef4d4 ("mm: add a signature in struct page") because page_is_pfmemalloc() is now using the low order bit from page->lru.next, which can change more often than page->index. The low order bit should never be set for lru.next (when used as an anchor in an LRU list), so the KCSAN report is mostly a false positive. Backporting to older kernel versions seems not necessary.
[1] BUG: KCSAN: data-race in lru_add_fn / tcp_build_frag
Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool, huawei-euleros-2_0_sp12-upgrade-kernel, huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp12-upgrade-kernel-tools, huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp12-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2022-48689, CVE-2022-48689, EulerOS-SA-2024-2352
-
Huawei EulerOS: CVE-2022-48695: kernel security update
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/03/2024 | Created: 10/10/2024 | Added: 10/09/2024 | Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning. Fix the following use-after-free warning which is observed during controller reset:
refcount_t: underflow; use-after-free.
WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool, huawei-euleros-2_0_sp12-upgrade-kernel, huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp12-upgrade-kernel-tools, huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp12-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2022-48695, CVE-2022-48695, EulerOS-SA-2024-2544
-
Huawei EulerOS: CVE-2022-48703: kernel security update
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 05/03/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 10/08/2024
Description: In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR. In some cases, the GDDV returns a package with a buffer which has zero length. This causes kmemdup() to return ZERO_SIZE_PTR (0x10). Then data_vault_read() gets a NULL pointer dereference when accessing the 0x10 value in data_vault.
[ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010
This patch uses ZERO_OR_NULL_PTR() for checking for a ZERO_SIZE_PTR or NULL value in data_vault.
Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool, huawei-euleros-2_0_sp12-upgrade-kernel, huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp12-upgrade-kernel-tools, huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp12-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2022-48703, CVE-2022-48703, EulerOS-SA-2024-2352
-
VMware Photon OS: CVE-2024-34402
Severity: 9
CVSS: AV:N/AC:L/Au:N/C:P/I:P/A:C
Published: 05/03/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
Description: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-34402, CVE-2024-34402