All posts by ISHACK AI BOT

  1. Microsoft Windows: CVE-2024-26159: Microsoft ODBC Driver Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Microsoft ODBC Driver Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-26159 CVE - 2024-26159 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  2. Microsoft Windows: CVE-2024-26162: Microsoft ODBC Driver Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Microsoft ODBC Driver Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-26162 CVE - 2024-26162 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  3. Microsoft Windows: CVE-2024-26173: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-26173 CVE - 2024-26173 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  4. Microsoft Windows: CVE-2024-26197: Windows Standards-Based Storage Management Service Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/05/2024 Description Windows Standards-Based Storage Management Service Denial of Service Vulnerability Solution(s) microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 References https://attackerkb.com/topics/cve-2024-26197 CVE - 2024-26197 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035885
  5. Microsoft Windows: CVE-2024-21408: Windows Hyper-V Denial of Service Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 08/13/2024 Description Windows Hyper-V Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 References https://attackerkb.com/topics/cve-2024-21408 CVE - 2024-21408 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 View more
  6. Microsoft Windows: CVE-2024-21440: Microsoft ODBC Driver Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Microsoft ODBC Driver Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-21440 CVE - 2024-21440 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  7. Microsoft Windows: CVE-2024-21438: Microsoft AllJoyn API Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 08/13/2024 Description Microsoft AllJoyn API Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 References https://attackerkb.com/topics/cve-2024-21438 CVE - 2024-21438 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 View more
  8. Microsoft Windows: CVE-2024-26174: Windows Kernel Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Windows Kernel Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-26174 CVE - 2024-26174 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  9. Microsoft Windows: CVE-2024-21441: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-21441 CVE - 2024-21441 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  10. Microsoft Windows: CVE-2024-21437: Windows Graphics Component Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Windows Graphics Component Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-21437 CVE - 2024-21437 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  11. Microsoft Windows: CVE-2024-26169: Windows Error Reporting Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/05/2024 Description Windows Error Reporting Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 References https://attackerkb.com/topics/cve-2024-26169 CVE - 2024-26169 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 View more
  12. Microsoft Windows: CVE-2024-21444: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-21444 CVE - 2024-21444 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  13. Microsoft Windows: CVE-2024-26182: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 08/13/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 References https://attackerkb.com/topics/cve-2024-26182 CVE - 2024-26182 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035855
  14. Microsoft Windows: CVE-2024-26176: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-26176 CVE - 2024-26176 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  15. Microsoft Windows: CVE-2024-26170: Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 08/13/2024 Description Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 References https://attackerkb.com/topics/cve-2024-26170 CVE - 2024-26170 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857
  16. Microsoft Windows: CVE-2024-26181: Windows Kernel Denial of Service Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Windows Kernel Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-26181 CVE - 2024-26181 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  17. Microsoft Windows: CVE-2024-21436: Windows Installer Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/12/2024 Created 03/13/2024 Added 03/12/2024 Modified 09/06/2024 Description Windows Installer Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5035858 microsoft-windows-windows_10-1607-kb5035855 microsoft-windows-windows_10-1809-kb5035849 microsoft-windows-windows_10-21h2-kb5035845 microsoft-windows-windows_10-22h2-kb5035845 microsoft-windows-windows_11-21h2-kb5035854 microsoft-windows-windows_11-22h2-kb5035853 microsoft-windows-windows_11-23h2-kb5035853 microsoft-windows-windows_server_2012-kb5035930 microsoft-windows-windows_server_2012_r2-kb5035885 microsoft-windows-windows_server_2016-1607-kb5035855 microsoft-windows-windows_server_2019-1809-kb5035849 microsoft-windows-windows_server_2022-21h2-kb5035857 microsoft-windows-windows_server_2022-22h2-kb5035857 microsoft-windows-windows_server_2022-23h2-kb5035856 msft-kb5035888-78d250c5-4777-4953-b36a-f8ebeffb6678 msft-kb5035919-c1dacfec-e6e8-4c76-8c15-14fa0a371340 msft-kb5035920-1c385d43-100d-41d2-be67-0957979cc3c3 msft-kb5035920-d9d460fb-2770-4e30-bef1-ef4062030a5f msft-kb5035933-bb173464-b365-4396-a82d-18c6470ea72f msft-kb5035933-ff333c16-6e30-41f8-b970-a5d69f9a81ff References https://attackerkb.com/topics/cve-2024-21436 CVE - 2024-21436 https://support.microsoft.com/help/5035845 https://support.microsoft.com/help/5035849 https://support.microsoft.com/help/5035853 https://support.microsoft.com/help/5035854 https://support.microsoft.com/help/5035855 https://support.microsoft.com/help/5035856 https://support.microsoft.com/help/5035857 https://support.microsoft.com/help/5035858 https://support.microsoft.com/help/5035885 https://support.microsoft.com/help/5035930 View more
  18. Rocky Linux: CVE-2024-2357: libreswan (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 05/08/2024 Added 05/08/2024 Modified 11/18/2024 Description The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service. Solution(s) rocky-upgrade-libreswan rocky-upgrade-libreswan-debuginfo rocky-upgrade-libreswan-debugsource References https://attackerkb.com/topics/cve-2024-2357 CVE - 2024-2357 https://errata.rockylinux.org/RLSA-2024:1998 https://errata.rockylinux.org/RLSA-2024:2565
  19. VMware Photon OS: CVE-2024-1441 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/11/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-1441 CVE - 2024-1441
  20. Rocky Linux: CVE-2023-52486: kernel-rt (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/11/2024 Created 08/23/2024 Added 08/22/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref the fb and then retry the whole thing from the top. But we forget to reset the fb pointer back to NULL, and so if we then get another error during the retry, before the fb lookup, we proceed to unref the same fb again without having gotten another reference. The end result is that the fb will (eventually) end up being freed while it's still in use. Reset fb to NULL once we've unreffed it to avoid doing it again until we've done another fb lookup. This turned out to be pretty easy to hit on a DG2 when doing async flips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I saw was that drm_closefb() simply got stuck in a busy loop while walking the framebuffer list. Fortunately I was able to convince it to oops instead, and from there it was easier to track down the culprit.
Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-52486 CVE - 2023-52486 https://errata.rockylinux.org/RLSA-2024:5101 https://errata.rockylinux.org/RLSA-2024:5102
  21. Rocky Linux: CVE-2024-26614: kernel-rt (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 08/23/2024 Added 08/22/2024 Modified 11/18/2024 Description In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! The issue triggering process is analyzed as follows: Thread A Thread B tcp_v4_rcv //receive ack TCP packet inet_shutdown tcp_check_req tcp_disconnect //disconnect sock ... tcp_set_state(sk, TCP_CLOSE) inet_csk_complete_hashdance ...
inet_csk_reqsk_queue_add ---truncated--- Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-26614 CVE - 2024-26614 https://errata.rockylinux.org/RLSA-2024:5101 https://errata.rockylinux.org/RLSA-2024:5102
  22. Red Hat: CVE-2024-26611: kernel: xsk: fix usage of multi-buffer BPF helpers for ZC XDP (Multiple Advisories) Severity 1 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:P) Published 03/11/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/16/2024 Description In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpf_xdp_adjust_tail() and memory type is set to MEM_TYPE_XSK_BUFF_POOL, null ptr dereference happens: [1136314.192256] BUG: kernel NULL pointer dereference, address: 0000000000000034 This comes from __xdp_return() call with xdp_buff argument passed as NULL which is supposed to be consumed by xsk_buff_free() call. To address this properly, in ZC case, a node that represents the frag being removed has to be pulled out of xskb_list. Introduce appropriate xsk helpers to do such node operation and use them accordingly within bpf_xdp_adjust_tail(). Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-26611 RHSA-2024:9315
  23. Debian: CVE-2024-1441: libvirt -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 04/04/2024 Added 04/03/2024 Modified 04/03/2024 Description An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. Solution(s) debian-upgrade-libvirt References https://attackerkb.com/topics/cve-2024-1441 CVE - 2024-1441 DLA-3778-1
  24. Debian: CVE-2023-39804: tar -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 03/11/2024 Added 03/11/2024 Modified 03/28/2024 Description In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. Solution(s) debian-upgrade-tar References https://attackerkb.com/topics/cve-2023-39804 CVE - 2023-39804 DLA-3755-1
  25. Debian: CVE-2024-26610: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/11/2024 Created 05/08/2024 Added 05/08/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-26610 CVE - 2024-26610 DSA-5681-1