ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Alpine Linux: CVE-2024-22423: Vulnerability in Multiple Components
     Severity: 8 | CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
     Published: 04/09/2024 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/02/2024
     Description: yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead.
     Solution(s): alpine-linux-upgrade-yt-dlp
     References: https://attackerkb.com/topics/cve-2024-22423; CVE-2024-22423; https://security.alpinelinux.org/vuln/CVE-2024-22423
  2. Foxit Reader: Use-After-Free or Out-of-Bounds Read vulnerability (CVE-2024-30337)
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/09/2024 | Created: 04/16/2024 | Added: 04/09/2024 | Modified: 04/17/2024
     Description: Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22704.
     Solution(s): foxit-reader-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-30337; CVE-2024-30337; https://www.foxit.com/support/security-bulletins.html; https://www.zerodayinitiative.com/advisories/ZDI-24-318/
  3. Debian: CVE-2024-3446: qemu -- security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/09/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
     Description: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
     Solution(s): debian-upgrade-qemu
     References: https://attackerkb.com/topics/cve-2024-3446; CVE-2024-3446
  4. Foxit Reader: Use-After-Free or Out-of-Bounds Read vulnerability (CVE-2024-30353)
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/09/2024 | Created: 04/16/2024 | Added: 04/09/2024 | Modified: 04/17/2024
     Description: Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22807.
     Solution(s): foxit-reader-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-30353; CVE-2024-30353; https://www.foxit.com/support/security-bulletins.html; https://www.zerodayinitiative.com/advisories/ZDI-24-334/
  5. Microsoft Windows: CVE-2024-26208: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
     Severity: 8 | CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
     Published: 04/09/2024 | Created: 04/10/2024 | Added: 04/09/2024 | Modified: 09/06/2024
     Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
     Solution(s): microsoft-windows-windows_10-1507-kb5036925, microsoft-windows-windows_10-1607-kb5036899, microsoft-windows-windows_10-1809-kb5036896, microsoft-windows-windows_10-21h2-kb5036892, microsoft-windows-windows_10-22h2-kb5036892, microsoft-windows-windows_11-21h2-kb5036894, microsoft-windows-windows_11-22h2-kb5036893, microsoft-windows-windows_11-23h2-kb5036893, microsoft-windows-windows_server_2012-kb5036969, microsoft-windows-windows_server_2012_r2-kb5036960, microsoft-windows-windows_server_2016-1607-kb5036899, microsoft-windows-windows_server_2019-1809-kb5036896, microsoft-windows-windows_server_2022-21h2-kb5036909, microsoft-windows-windows_server_2022-22h2-kb5036909, microsoft-windows-windows_server_2022-23h2-kb5036910, msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493, msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4, msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242
     References: https://attackerkb.com/topics/cve-2024-26208; CVE-2024-26208; https://support.microsoft.com/help/5036892; https://support.microsoft.com/help/5036893; https://support.microsoft.com/help/5036894; https://support.microsoft.com/help/5036896; https://support.microsoft.com/help/5036899; https://support.microsoft.com/help/5036909; https://support.microsoft.com/help/5036910; https://support.microsoft.com/help/5036925; https://support.microsoft.com/help/5036960; https://support.microsoft.com/help/5036969
  6. Foxit Reader: Use-After-Free or Out-of-Bounds Read vulnerability (CVE-2024-30339)
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/09/2024 | Created: 04/16/2024 | Added: 04/09/2024 | Modified: 04/17/2024
     Description: Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22706.
     Solution(s): foxit-reader-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-30339; CVE-2024-30339; https://www.foxit.com/support/security-bulletins.html; https://www.zerodayinitiative.com/advisories/ZDI-24-317/
  7. Microsoft Windows: CVE-2024-26202: DHCP Server Service Remote Code Execution Vulnerability
     Severity: 8 | CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
     Published: 04/09/2024 | Created: 04/10/2024 | Added: 04/09/2024 | Modified: 09/06/2024
     Description: DHCP Server Service Remote Code Execution Vulnerability
     Solution(s): microsoft-windows-windows_server_2012-kb5036969, microsoft-windows-windows_server_2012_r2-kb5036960, microsoft-windows-windows_server_2016-1607-kb5036899, microsoft-windows-windows_server_2019-1809-kb5036896, microsoft-windows-windows_server_2022-21h2-kb5036909, microsoft-windows-windows_server_2022-22h2-kb5036909, microsoft-windows-windows_server_2022-23h2-kb5036910
     References: https://attackerkb.com/topics/cve-2024-26202; CVE-2024-26202; https://support.microsoft.com/help/5036896; https://support.microsoft.com/help/5036899; https://support.microsoft.com/help/5036909; https://support.microsoft.com/help/5036910; https://support.microsoft.com/help/5036960; https://support.microsoft.com/help/5036969
  8. Microsoft Windows: CVE-2024-26226: Windows Distributed File System (DFS) Information Disclosure Vulnerability
     Severity: 7 | CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
     Published: 04/09/2024 | Created: 04/10/2024 | Added: 04/09/2024 | Modified: 09/06/2024
     Description: Windows Distributed File System (DFS) Information Disclosure Vulnerability
     Solution(s): microsoft-windows-windows_server_2012-kb5036969, microsoft-windows-windows_server_2012_r2-kb5036960, microsoft-windows-windows_server_2016-1607-kb5036899, microsoft-windows-windows_server_2019-1809-kb5036896, microsoft-windows-windows_server_2022-21h2-kb5036909, microsoft-windows-windows_server_2022-22h2-kb5036909, microsoft-windows-windows_server_2022-23h2-kb5036910, msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493, msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4, msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242
     References: https://attackerkb.com/topics/cve-2024-26226; CVE-2024-26226; https://support.microsoft.com/help/5036896; https://support.microsoft.com/help/5036899; https://support.microsoft.com/help/5036909; https://support.microsoft.com/help/5036910; https://support.microsoft.com/help/5036960; https://support.microsoft.com/help/5036969
  9. Microsoft CVE-2024-28940: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
     Severity: 9 | CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published: 04/09/2024 | Created: 04/10/2024 | Added: 04/09/2024 | Modified: 04/11/2024
     Description: Microsoft CVE-2024-28940: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
     Solution(s): msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64, msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64, msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64, msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64
     References: https://attackerkb.com/topics/cve-2024-28940; CVE-2024-28940; KB 5035432; KB 5035434; KB 5036335; KB 5036343; KB 5037572; KB 5037573
  10. Microsoft CVE-2024-28937: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
     Severity: 9 | CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published: 04/09/2024 | Created: 04/10/2024 | Added: 04/09/2024 | Modified: 04/11/2024
     Description: Microsoft CVE-2024-28937: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
     Solution(s): msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64, msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64, msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64, msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64
     References: https://attackerkb.com/topics/cve-2024-28937; CVE-2024-28937; KB 5035432; KB 5035434; KB 5036335; KB 5036343; KB 5037570; KB 5037571
  11. Microsoft Windows: CVE-2024-26229: Windows CSC Service Elevation of Privilege Vulnerability
     Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published: 04/09/2024 | Created: 04/10/2024 | Added: 04/09/2024 | Modified: 09/06/2024
     Description: Windows CSC Service Elevation of Privilege Vulnerability
     Solution(s): microsoft-windows-windows_10-1507-kb5036925, microsoft-windows-windows_10-1607-kb5036899, microsoft-windows-windows_10-1809-kb5036896, microsoft-windows-windows_10-21h2-kb5036892, microsoft-windows-windows_10-22h2-kb5036892, microsoft-windows-windows_11-21h2-kb5036894, microsoft-windows-windows_11-22h2-kb5036893, microsoft-windows-windows_11-23h2-kb5036893, microsoft-windows-windows_server_2012-kb5036969, microsoft-windows-windows_server_2012_r2-kb5036960, microsoft-windows-windows_server_2016-1607-kb5036899, microsoft-windows-windows_server_2019-1809-kb5036896, microsoft-windows-windows_server_2022-21h2-kb5036909, microsoft-windows-windows_server_2022-22h2-kb5036909, microsoft-windows-windows_server_2022-23h2-kb5036910, msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493, msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4, msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242
     References: https://attackerkb.com/topics/cve-2024-26229; CVE-2024-26229; https://support.microsoft.com/help/5036892; https://support.microsoft.com/help/5036893; https://support.microsoft.com/help/5036894; https://support.microsoft.com/help/5036896; https://support.microsoft.com/help/5036899; https://support.microsoft.com/help/5036909; https://support.microsoft.com/help/5036910; https://support.microsoft.com/help/5036925; https://support.microsoft.com/help/5036960; https://support.microsoft.com/help/5036969
  12. Microsoft Windows: CVE-2024-20688: Secure Boot Security Feature Bypass Vulnerability
     Severity: 7 | CVSS: (AV:A/AC:H/Au:N/C:C/I:C/A:C)
     Published: 04/09/2024 | Created: 04/10/2024 | Added: 04/09/2024 | Modified: 12/10/2024
     Description: Secure Boot Security Feature Bypass Vulnerability
     Solution(s): microsoft-windows-windows_server_2012-kb5036969, microsoft-windows-windows_server_2012_r2-kb5036960
     References: https://attackerkb.com/topics/cve-2024-20688; CVE-2024-20688; https://support.microsoft.com/help/5036960; https://support.microsoft.com/help/5036969
  13. Debian: CVE-2021-47194: linux -- security update
     Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/28/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switching from P2P_GO type. If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(); this leads to the initialization of in-use data. For example, this path re-inits the sdata->assigned_chanctx_list while it is still an element of the assigned_vifs list, and makes that linked list corrupt.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47194; CVE-2021-47194
  14. Debian: CVE-2021-47196: linux -- security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver. Preset both receive and send CQ pointers prior to the call to the drivers and overwrite it later again; until the mlx4 is going to be changed, do not overwrite ibqp properties. This change is needed for mlx5, because in case of QP creation failure, it will go to the path of QP destroy which relies on proper CQ pointers. BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5_ib]
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47196; CVE-2021-47196
  15. Debian: CVE-2021-47199: linux -- security update
     Severity: 5 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/30/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts. CT clear action offload adds additional mod hdr actions to the flow's original mod actions in order to clear the registers which hold ct_state. When such a flow also includes an encap action, a neigh update event can cause the driver to unoffload the flow and then reoffload it. Each time this happens, the ct clear handling adds that same set of mod hdr actions to reset ct_state until the max of mod hdr actions is reached. Also the driver never releases the allocated mod hdr actions, causing a memleak. Fix the above two issues by moving CT clear mod acts allocation into the parsing actions phase and only using it when offloading the rule. The release of mod acts will be done in the normal flow_put().
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47199; CVE-2021-47199
  16. Debian: CVE-2021-47182: linux -- security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling. Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MODE SENSE(10) command is 16 bits, occupying bytes 7 and 8 of the CDB. With this command, access to mode pages larger than 255 bytes is thus possible. However, the CDB allocation length field is set by assigning len to byte 8 only, thus truncating buffer lengths larger than 255. 2) If scsi_mode_sense() is called with len smaller than 8 with sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length is increased to 8 and 4 respectively, and the buffer is zero filled with these increased values, thus corrupting the memory following the buffer. Fix these 2 problems by using put_unaligned_be16() to set the allocation length field of the MODE SENSE(10) CDB and by returning an error when len is too small. Furthermore, if len is larger than 255B, always try MODE SENSE(10) first, even if the device driver did not set sdev->use_10_for_ms. In case of an invalid opcode error for MODE SENSE(10), access to mode pages larger than 255 bytes is not retried using MODE SENSE(6). To avoid buffer length overflows for the MODE_SENSE(10) case, check that len is smaller than 65535 bytes. While at it, also fix the following: * Use get_unaligned_be16() to retrieve the mode data length and block descriptor length fields of the mode sense reply header instead of using an open coded calculation. * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable Block Descriptor, which is the opposite of what the dbd argument description was.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47182; CVE-2021-47182
  17. Juniper Junos OS: 2024-04 Security Bulletin: Junos OS: ACX5448 & ACX710: Due to the interface flaps the PFE process can crash (JSA79187) (CVE-2024-30387)
     Severity: 6 | CVSS: (AV:A/AC:L/Au:N/C:N/I:N/A:C)
     Published: 04/10/2024 | Created: 04/11/2024 | Added: 04/11/2024 | Modified: 01/28/2025
     Description: A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: all versions before 20.4R3-S9; 21.2 versions before 21.2R3-S5; 21.3 versions before 21.3R3-S5; 21.4 versions before 21.4R3-S4; 22.1 versions before 22.1R3-S2; 22.2 versions before 22.2R3-S2; 22.3 versions before 22.3R2-S2, 22.3R3; 22.4 versions before 22.4R2.
     Solution(s): juniper-junos-os-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-30387; CVE-2024-30387; JSA79187
  18. Debian: CVE-2021-47185: linux -- security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc. When running the ltp testcase (ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which looks like this one: Workqueue: events_unbound flush_to_ldisc. In the testcase pty04, the first process calls the write syscall to send data to the pty master. At the same time, the workqueue will do the flush_to_ldisc to pop data in a loop until there is no more data left. When the sender and workqueue are running on different cores, the sender sends data quickly all the time, which will result in the workqueue doing work in a loop for a long time and a softlockup occurring in flush_to_ldisc with a kernel configured without preempt. So I add a need_resched check and cond_resched in the flush_to_ldisc loop to avoid it.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47185; CVE-2021-47185
  19. Debian: CVE-2021-47215: linux -- security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow. For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by protecting the entries against movements coming from resync_handle_seq_match(), until their resync handling in napi is fully completed.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47215; CVE-2021-47215
  20. Debian: CVE-2021-47186: linux -- security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup. kmemdup can return a null pointer so we need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1]. [1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47186; CVE-2021-47186
  21. Debian: CVE-2021-47188: linux -- security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling. The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c (call trace: ufshcd_queuecommand, scsi_send_eh_cmnd, scsi_eh_test_devices, scsi_eh_ready_devs, scsi_error_handler, kthread, ret_from_fork). That warning is triggered by the following statement: WARN_ON(lrbp->cmd); Fix this warning by clearing lrbp->cmd from the abort handler.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47188; CVE-2021-47188
  22. Debian: CVE-2021-47190: linux -- security update
     Severity: 5 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/30/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf(). perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen. v2: Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47190; CVE-2021-47190
  23. Juniper Junos OS: 2024-04 Security Bulletin: Junos OS: EX4300 Series: Firewall filter not blocking egress traffic (JSA79185) (CVE-2024-30389)
     Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
     Published: 04/10/2024 | Created: 04/11/2024 | Added: 04/11/2024 | Modified: 01/30/2025
     Description: An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.
     Solution(s): juniper-junos-os-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-30389; CVE-2024-30389; JSA79185
  24. Debian: CVE-2021-47214: linux -- security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 07/30/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: hugetlb, userfaultfd: fix reservation restore on userfaultfd error. Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using "goto out_release_unlock;" in the cases where idx >= size, or !huge_pte_none(), the code will detect that new_pagecache_page == false, and so call restore_reserve_on_error(). In this case I see restore_reserve_on_error() delete the reservation, and the following call to remove_inode_hugepages() will increment h->resv_hugepages causing a 100% reproducible leak. We should treat the is_continue case similar to adding a page into the pagecache and set new_pagecache_page to true, to indicate that there is no reservation to restore on the error path, and we need not call restore_reserve_on_error(). Rename new_pagecache_page to page_in_pagecache to make that clear.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47214; CVE-2021-47214
  25. Debian: CVE-2021-47191: linux -- security update
     Severity: 6 | CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:C)
     Published: 04/10/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/30/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16(). The following warning was observed running syzkaller: sg_write: data in/out 65466/242 bytes for SCSI command 0x9e -- guessing data in; program syz-executor not setting count and/or reply_len properly. BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0. Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549. In resp_readcap16() we get "int alloc_len" value -1104926854, and then pass the huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This leads to OOB in sg_copy_buffer(). To solve this issue, define alloc_len as u32.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2021-47191; CVE-2021-47191