Page 101 of 4061 results (0.023 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Ha... • https://git.kernel.org/stable/c/548c237c0a9972df5d1afaca38aa733ee577128d • CWE-372: Incomplete Internal State Distinction •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw. inet_diag_get_exact_compat() converts inet_diag_req to inet_diag_req_v2, but leaves the pad field uninitialized. So the issue occurs when raw_lookup(... • https://git.kernel.org/stable/c/432490f9d455fb842d70219f22d9d2c812371676 •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the namespace on a corrupted filesystem, and a couple of flaws that cause problems if the starting number of non-reserved inodes written in the on-disk super block is intentionally (or corruptly) changed from its default... • https://git.kernel.org/stable/c/57235c3c88bb430043728d0d02f44a4efe386476 •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which triggers a kernel bug in lru_add_fn(). As Jan Kara pointed out, this is because the link count of a metadata file gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(), tries to delete that inode (ifile... • https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479 •

CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0

30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. • https://git.kernel.org/stable/c/c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e • CWE-369: Divide By Zero •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. A flaw was found in the Linux kernel’s nouveau module. The return value of the drm_mode_duplicate function is not checked in the nouveau_connector_get_modes f... • https://git.kernel.org/stable/c/6ee738610f41b59733f63718f0bdbcba7d3a3f12 • CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: v... • https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91 •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the enti... • https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8 •

CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified patch length matches the actually supplied data, like load_data() already did. In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of an... • https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab •

CVSS: 5.2EPSS: 0%CPEs: 8EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout that aren't necessarily valid. Basically, the code tries to account the time spent in spinlocks to the caller rather than the spinlock, and while I support that as a concept, it's not worth the code complexity... • https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e • CWE-125: Out-of-bounds Read •