6536 results (0.037 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and __section_mem_map_addr() dereferencing that NULL pointer. Let's fix... • https://git.kernel.org/stable/c/fd919a85cd55be5d00a6a7372071f44c8eafb825 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use. However in the case the array is completely full this will lead to an access 1 past the end of the array, expand the array by one entry to include a space for a terminator. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw:... • https://git.kernel.org/stable/c/27fd36aefa0013bea1cf6948e2e825e9b8cff97a •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be released with hci_dev_put at the end of iso_listen_bis even if the function returns with an error. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be... • https://git.kernel.org/stable/c/02171da6e86a73e1b343b36722f5d9d5c04b3539 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.uw.fpmr, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechani... • https://git.kernel.org/stable/c/4035c22ef7d43a6c00d6a6584c60e902b95b46af •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Currently poe_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.por_el0, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism... • https://git.kernel.org/stable/c/17519819926211e6b2834e00e4554bec0daf22ac •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down reply or MST up request sideband message, the drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with the reading/parsing of the message from another thread via drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The r... • https://git.kernel.org/stable/c/b30fcedeba643ca16eaa6212c1245598b7cd830d •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does not cause invalid memory references when using the disk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap pointer. disk_zone_is_conv() is modified to operate under the RCU read lock and the function disk_set_conv_zones_bitmap() is added to update a disk conv_zones_bitmap pointer using rcu_replace... • https://git.kernel.org/stable/c/493326c4f10cc71a42c27fdc97ce112182ee4cbc •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a ... • https://git.kernel.org/stable/c/2200aa7154cb7ef76bac93e98326883ba64bfa2e •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memo... • https://git.kernel.org/stable/c/03b1781aa978aab345b5a85d8596f8615281ba89 •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode. In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompre... • https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5 •