CVE-2024-53098 : LINUX KERNEL UP TO 6.11.8 UFENCE ACCESS_OK BUFFER OVERFLOW

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address access_ok() only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. (cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928).

References

https://git.kernel.org/stable/c/5d623ffbae96b23f1fc43a3d5a267aabdb07583d

https://git.kernel.org/stable/c/9c1813b3253480b30604c680026c7dc721ce86d1

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

Description In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC)

CVE-2024-48956 : SERVICEWARE PROCESSES UP TO 7.3 HTTP REQUEST IMPROPER AUTHENTICATION

CVE-2024-48956 : SERVICEWARE PROCESSES UP TO 7.3 HTTP REQUEST IMPROPER AUTHENTICATION

Description Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a

CVE-2024-12369 : RED HAT KEYCLOAK/JBOSS ENTERPRISE APPLICATION PLATFORM WILDFLY-ELYTRON-OIDC-CLIENT-SUBSYSTEM CODE INJECTION

CVE-2024-12369 : RED HAT KEYCLOAK/JBOSS ENTERPRISE APPLICATION PLATFORM WILDFLY-ELYTRON-OIDC-CLIENT-SUBSYSTEM CODE INJECTION

Description A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using