| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability |
| Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Access Remote Code Execution Vulnerability |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| Microsoft Brokering File System Elevation of Privilege Vulnerability |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Server Remote Code Execution Vulnerability |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| In the Linux kernel, the following vulnerability has been resolved:
nfsd: provide locking for v4_end_grace
Writing to v4_end_grace can race with server shutdown and result in
memory being accessed after it was freed - reclaim_str_hashtbl in
particularly.
We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is
held while client_tracking_op->init() is called and that can wait for
an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a
deadlock.
nfsd4_end_grace() is also called by the landromat work queue and this
doesn't require locking as server shutdown will stop the work and wait
for it before freeing anything that nfsd4_end_grace() might access.
However, we must be sure that writing to v4_end_grace doesn't restart
the work item after shutdown has already waited for it. For this we
add a new flag protected with nn->client_lock. It is set only while it
is safe to make client tracking calls, and v4_end_grace only schedules
work while the flag is set with the spinlock held.
So this patch adds a nfsd_net field "client_tracking_active" which is
set as described. Another field "grace_end_forced", is set when
v4_end_grace is written. After this is set, and providing
client_tracking_active is set, the laundromat is scheduled.
This "grace_end_forced" field bypasses other checks for whether the
grace period has finished.
This resolves a race which can result in use-after-free. |
