CVE-2024-47739 – padata: use integer wrap around to prevent deadlock on seq_nr overflow
https://notcve.org/view.php?id=CVE-2024-47739
In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to prevent deadlock on seq_nr overflow When submitting more than 2^32 padata objects to padata_do_serial, the current sorting implementation incorrectly sorts padata objects with overflowed seq_nr, causing them to be placed before existing objects in the reorder list. This leads to a deadlock in the serialization process as padata_find_next cannot match padata->seq_nr and pd->processed because the padata instance with overflowed seq_nr will be selected next. To fix this, we use an unsigned integer wrap around to correctly sort padata objects in scenarios with integer overflow. • https://git.kernel.org/stable/c/bfde23ce200e6d33291d29b9b8b60cc2f30f0805 https://git.kernel.org/stable/c/46c4079460f4dcaf445860679558eedef4e1bc91 https://git.kernel.org/stable/c/72164d5b648951684b1a593996b37a6083c61d7d https://git.kernel.org/stable/c/ab205e1c3846326f162180e56825b4ba38ce9c30 https://git.kernel.org/stable/c/1b8cf11b3ca593a8802a51802cd0c28c38501428 https://git.kernel.org/stable/c/9e279e6c1f012b82628b89e1b9c65dbefa8ca25a https://git.kernel.org/stable/c/1bd712de96ad7167fe0d608e706cd60587579f16 https://git.kernel.org/stable/c/9a22b2812393d93d84358a760c347c219 •
CVE-2024-43566 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43566
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43566 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-21210 – JDK: Array indexing integer overflow (8328544)
https://notcve.org/view.php?id=CVE-2024-21210
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. • https://www.oracle.com/security-alerts/cpuoct2024.html https://access.redhat.com/security/cve/CVE-2024-21210 https://bugzilla.redhat.com/show_bug.cgi?id=2318524 • CWE-190: Integer Overflow or Wraparound CWE-203: Observable Discrepancy •
CVE-2024-47425 – Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
https://notcve.org/view.php?id=CVE-2024-47425
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb24-82.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2024-47424 – Adobe Framemaker | Integer Overflow or Wraparound (CWE-190)
https://notcve.org/view.php?id=CVE-2024-47424
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb24-82.html • CWE-190: Integer Overflow or Wraparound •