Количество 17
Количество 17
CVE-2024-44952
[REJECTED CVE] A vulnerability in the Linux kernel's driver core related to uevent_show() and driver detach has been identified. The issue involved a race condition where uevent_show() attempted to dereference dev->driver->name, leading to a potential deadlock due to improper locking. While this could cause system instability, an attacker would need the ability to manipulate device attributes and timing precisely, making exploitation impractical.
CVE-2024-44952
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-44952
GHSA-5822-38r8-r5p2
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix uevent_show() vs driver detach race uevent_show() wants to de-reference dev->driver->name. There is no clean way for a device attribute to de-reference dev->driver unless that attribute is defined via (struct device_driver).dev_groups. Instead, the anti-pattern of taking the device_lock() in the attribute handler risks deadlocks with code paths that remove device attributes while holding the lock. This deadlock is typically invisible to lockdep given the device_lock() is marked lockdep_set_novalidate_class(), but some subsystems allocate a local lockdep key for @dev->mutex to reveal reports of the form: ====================================================== WARNING: possible circular locking dependency detected 6.10.0-rc7+ #275 Tainted: G OE N ------------------------------------------------------ modprobe/2374 is trying to acquire lock: ffff8c2270070de0 (kn->active#6){++++}-{...
ELSA-2024-12682
ELSA-2024-12682: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2024-12779
ELSA-2024-12779: Unbreakable Enterprise kernel security update (IMPORTANT)
SUSE-SU-2024:3591-1
Security update for the Linux Kernel
SUSE-SU-2024:3559-1
Security update for the Linux Kernel
SUSE-SU-2024:3566-1
Security update for the Linux Kernel
SUSE-SU-2024:3592-1
Security update for the Linux Kernel
SUSE-SU-2024:3569-1
Security update for the Linux Kernel
SUSE-SU-2024:3587-1
Security update for the Linux Kernel
SUSE-SU-2024:3553-1
Security update for the Linux Kernel
SUSE-SU-2024:3564-1
Security update for the Linux Kernel
SUSE-SU-2024:3561-1
Security update for the Linux Kernel
SUSE-SU-2024:3551-1
Security update for the Linux Kernel
ELSA-2025-6966
ELSA-2025-6966: kernel security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-44952 [REJECTED CVE] A vulnerability in the Linux kernel's driver core related to uevent_show() and driver detach has been identified. The issue involved a race condition where uevent_show() attempted to dereference dev->driver->name, leading to a potential deadlock due to improper locking. While this could cause system instability, an attacker would need the ability to manipulate device attributes and timing precisely, making exploitation impractical. | CVSS3: 5.5 | 10 месяцев назад | |
 | CVE-2024-44952 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 10 месяцев назад | ||
 | CVSS3: 5.5 | 8 месяцев назад | ||
| GHSA-5822-38r8-r5p2 In the Linux kernel, the following vulnerability has been resolved: driver core: Fix uevent_show() vs driver detach race uevent_show() wants to de-reference dev->driver->name. There is no clean way for a device attribute to de-reference dev->driver unless that attribute is defined via (struct device_driver).dev_groups. Instead, the anti-pattern of taking the device_lock() in the attribute handler risks deadlocks with code paths that remove device attributes while holding the lock. This deadlock is typically invisible to lockdep given the device_lock() is marked lockdep_set_novalidate_class(), but some subsystems allocate a local lockdep key for @dev->mutex to reveal reports of the form: ====================================================== WARNING: possible circular locking dependency detected 6.10.0-rc7+ #275 Tainted: G OE N ------------------------------------------------------ modprobe/2374 is trying to acquire lock: ffff8c2270070de0 (kn->active#6){++++}-{... | CVSS3: 5.5 | 10 месяцев назад | |
| ELSA-2024-12682 ELSA-2024-12682: Unbreakable Enterprise kernel security update (IMPORTANT) | 9 месяцев назад | ||
| ELSA-2024-12779 ELSA-2024-12779: Unbreakable Enterprise kernel security update (IMPORTANT) | 8 месяцев назад | ||
 | SUSE-SU-2024:3591-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3559-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3566-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3592-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3569-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3587-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3553-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3564-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3561-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| SUSE-SU-2024:3551-1 Security update for the Linux Kernel | 8 месяцев назад | ||
| ELSA-2025-6966 ELSA-2025-6966: kernel security update (MODERATE) | около 1 месяца назад |
Уязвимостей на страницу