Количество 36
Количество 36
CVE-2024-53166
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_pages+0x254/0...
CVE-2024-53166
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_pages+0x254/0x6c0 ...
CVE-2024-53166
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_p
CVE-2024-53166
CVE-2024-53166
In the Linux kernel, the following vulnerability has been resolved: b ...
GHSA-6gmm-x3pr-vhmf
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cach...
BDU:2025-07222
Уязвимость функции bfq_choose_req() модуля block/bfq-iosched.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
SUSE-SU-2025:02437-1
Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)
SUSE-SU-2025:02445-1
Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
SUSE-SU-2025:02410-1
Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
SUSE-SU-2025:02401-1
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
SUSE-SU-2025:02434-1
Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)
SUSE-SU-2025:02433-1
Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:02400-1
Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
SUSE-SU-2025:02387-1
Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:02455-1
Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)
SUSE-SU-2025:02436-1
Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
SUSE-SU-2025:02419-1
Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)
SUSE-SU-2025:02412-1
Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)
SUSE-SU-2025:02403-1
Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-53166 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_pages+0x254/0... | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-53166 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_pages+0x254/0x6c0 ... | CVSS3: 6.7 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-53166 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_p | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
 | CVSS3: 7.8 | 0% Низкий | 6 месяцев назад | |
| CVE-2024-53166 In the Linux kernel, the following vulnerability has been resolved: b ... | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
| GHSA-6gmm-x3pr-vhmf In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cach... | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
 | BDU:2025-07222 Уязвимость функции bfq_choose_req() модуля block/bfq-iosched.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад |
 | SUSE-SU-2025:02437-1 Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5) | 14 дней назад | ||
| SUSE-SU-2025:02445-1 Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4) | 14 дней назад | ||
| SUSE-SU-2025:02410-1 Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5) | 14 дней назад | ||
| SUSE-SU-2025:02401-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4) | 14 дней назад | ||
| SUSE-SU-2025:02434-1 Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4) | 14 дней назад | ||
| SUSE-SU-2025:02433-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6) | 14 дней назад | ||
| SUSE-SU-2025:02400-1 Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4) | 14 дней назад | ||
| SUSE-SU-2025:02387-1 Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6) | 17 дней назад | ||
| SUSE-SU-2025:02455-1 Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4) | 14 дней назад | ||
| SUSE-SU-2025:02436-1 Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4) | 14 дней назад | ||
| SUSE-SU-2025:02419-1 Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4) | 14 дней назад | ||
| SUSE-SU-2025:02412-1 Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6) | 14 дней назад | ||
| SUSE-SU-2025:02403-1 Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5) | 14 дней назад |
Уязвимостей на страницу