Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: storvsc: Ratelimit warning logs to prevent VM denial of service<br /> <br /> If there&amp;#39;s a persistent error in the hypervisor, the SCSI warning for<br /> failed I/O can flood the kernel log and max out CPU utilization,<br /> preventing troubleshooting from the VM side. Ratelimit the warning so<br /> it doesn&amp;#39;t DoS the VM.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: sched: fix ets qdisc OOB Indexing<br /> <br /> Haowei Yan found that ets_class_from_arg() can<br /> index an Out-Of-Bound class in ets_class_from_arg() when passed clid of<br /> 0. The overflow may cause local privilege escalation.<br /> <br /> [ 18.852298] ------------[ cut here ]------------<br /> [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20<br /> [ 18.853743] index 18446744073709551615 is out of range for type &amp;#39;ets_class [16]&amp;#39;<br /> [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17<br /> [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014<br /> [ 18.856532] Call Trace:<br /> [ 18.857441] <br /> [ 18.858227] dump_stack_lvl+0xc2/0xf0<br /> [ 18.859607] dump_stack+0x10/0x20<br /> [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0<br /> [ 18.864022] ets_class_change+0x3d6/0x3f0<br /> [ 18.864322] tc_ctl_tclass+0x251/0x910<br /> [ 18.864587] ? lock_acquire+0x5e/0x140<br /> [ 18.865113] ? __mutex_lock+0x9c/0xe70<br /> [ 18.866009] ? __mutex_lock+0xa34/0xe70<br /> [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0<br /> [ 18.866806] ? __lock_acquire+0x578/0xc10<br /> [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10<br /> [ 18.867503] netlink_rcv_skb+0x59/0x110<br /> [ 18.867776] rtnetlink_rcv+0x15/0x30<br /> [ 18.868159] netlink_unicast+0x1c3/0x2b0<br /> [ 18.868440] netlink_sendmsg+0x239/0x4b0<br /> [ 18.868721] ____sys_sendmsg+0x3e2/0x410<br /> [ 18.869012] ___sys_sendmsg+0x88/0xe0<br /> [ 18.869276] ? rseq_ip_fixup+0x198/0x260<br /> [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190<br /> [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0<br /> [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220<br /> [ 18.870547] ? do_syscall_64+0x93/0x150<br /> [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290<br /> [ 18.871157] __sys_sendmsg+0x69/0xd0<br /> [ 18.871416] __x64_sys_sendmsg+0x1d/0x30<br /> [ 18.871699] x64_sys_call+0x9e2/0x2670<br /> [ 18.871979] do_syscall_64+0x87/0x150<br /> [ 18.873280] ? do_syscall_64+0x93/0x150<br /> [ 18.874742] ? lock_release+0x7b/0x160<br /> [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0<br /> [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210<br /> [ 18.879608] ? irqentry_exit+0x77/0xb0<br /> [ 18.879808] ? clear_bhb_loop+0x15/0x70<br /> [ 18.880023] ? clear_bhb_loop+0x15/0x70<br /> [ 18.880223] ? clear_bhb_loop+0x15/0x70<br /> [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> [ 18.880683] RIP: 0033:0x44a957<br /> [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10<br /> [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e<br /> [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957<br /> [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003<br /> [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0<br /> [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001<br /> [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001<br /> [ 18.888395] <br /> [ 18.888610] ---[ end trace ]---

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Initialize denominator defaults to 1<br /> <br /> [WHAT &amp; HOW]<br /> Variables, used as denominators and maybe not assigned to other values,<br /> should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reported<br /> by Coverity.<br /> <br /> (cherry picked from commit e2c4c6c10542ccfe4a0830bb6c9fd5b177b7bbb7)

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I&amp;#39;m not going to commit some of the leak fixes I&amp;#39;ve been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. <br /> <br /> An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.<br /> This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack <br /> by presenting a certificate for a different host.

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.<br /> <br /> Versions affected are :<br /> Remote Desktop Manager macOS 2024.3.9.0 and earlier<br /> Remote Desktop Manager Linux 2024.3.2.5 and earlier<br /> Remote Desktop Manager Android 2024.3.3.7 and earlier<br /> Remote Desktop Manager iOS 2024.3.3.0 and earlier<br /> <br /> Remote Desktop Manager Powershell 2024.3.6.0 and earlier

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I&amp;#39;m not going to commit some of the leak fixes I&amp;#39;ve been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."