Page 103 of 6867 results (0.008 seconds)

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. Otherwise if 'rtw_usb_intf_init()' has failed in 'rtw_usb_probe()', 'rtw_usb_disconnect()' may issue 'ieee80211_free_hw()' when one of 'rtw_load_firmware_cb()' (usually the wowlan one) is still in progress, causing UAF detected by KASAN. • https://git.kernel.org/stable/c/c8e5695eae9959fc5774c0f490f2450be8bad3de https://git.kernel.org/stable/c/a0c1e2da652cf70825739bc12d49ea15805690bf https://git.kernel.org/stable/c/ceaab3fb64d6a5426a3db8f87f3e5757964f2532 https://git.kernel.org/stable/c/7887ad11995a4142671cc49146db536f923c8568 https://git.kernel.org/stable/c/1b8178a2ae272256ea0dc4f940320a81003535e2 https://git.kernel.org/stable/c/9432185540bafd42b7bfac6e6ef2f0a0fb4be447 https://git.kernel.org/stable/c/e9a78d9417e167410d6fb83c4e908b077ad8ba6d https://git.kernel.org/stable/c/0e735a4c6137262bcefe45bb52fde7b1f •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmask is u16 so using hweight8 cannot get correct tx_ant. Without this patch, the tx_ant of band 2 would be -1 and lead to the following issue: BUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e] • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 https://git.kernel.org/stable/c/50d87e3b70980abc090676b6b4703fcbd96221f9 https://git.kernel.org/stable/c/8f51fc8a9e2fd96363d8ec3f4ee4b78dd64754e3 https://git.kernel.org/stable/c/33954930870c18ec549e4bca0eeff43e252cb740 https://git.kernel.org/stable/c/f98c3de92bb05dac4a4969df8a4595ed380b4604 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() ieee80211_report_ack_skb() cfg80211_mgmt_tx_status_ext() nl80211_frame_tx_status() genlmsg_multicast_netns() genlmsg_multicast_netns_filtered() nlmsg_multicast_filtered() netlink_broadcast_filtered() do_one_broadcast() netlink_broadcast_deliver() __netlink_sendskb() netlink_deliver_tap() __netlink_deliver_tap_skb() dev_queue_xmit() __dev_queue_xmit() ; with IRQS disabled ... spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags) issues the warning (as reported by syzbot reproducer): WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120 Fix this by implementing a two-phase skb reclamation in 'ieee80211_do_stop()', where actual work is performed outside of a section with interrupts disabled. • https://git.kernel.org/stable/c/5061b0c2b9066de426fbc63f1278d2210e789412 https://git.kernel.org/stable/c/07eb0bd7b0a8abed9d45e0f567c9af1dc83e5268 https://git.kernel.org/stable/c/04f75f5bae33349283d6886901d9acd2f110c024 https://git.kernel.org/stable/c/f232916fab67ca1c3425926df4a866e59ff26908 https://git.kernel.org/stable/c/acb53a716e492a02479345157c43f21edc8bc64b https://git.kernel.org/stable/c/db5ca4b42ccfa42d2af7b335ff12578e57775c02 https://git.kernel.org/stable/c/058c9026ad79dc98572442fd4c7e9a36aba6f596 https://git.kernel.org/stable/c/eab272972cffff9cd973b8e4055a8e81c •

CVSS: -EPSS: 0%CPEs: 10EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the `wilc_parse_join_bss_param` function, the TSF field of the `ies` structure is accessed after the RCU read-side critical section is unlocked. According to RCU usage rules, this is illegal. Reusing this pointer can lead to unpredictable behavior, including accessing memory that has been updated or causing use-after-free issues. This possible bug was identified using a static analysis tool developed by myself, specifically designed to detect RCU-related issues. To address this, the TSF value is now stored in a local variable `ies_tsf` before the RCU lock is released. The `param->tsf_lo` field is then assigned using this local variable, ensuring that the TSF value is safely accessed. • https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2 https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38 https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2 https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2 https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce https://git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c9 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large number of buckets is destroyed, we need to yield the cpu when needed. • https://git.kernel.org/stable/c/5bed77b0a2a0e6b6bc0ae8e851cafb38ef0374df https://git.kernel.org/stable/c/75e68e5bf2c7fa9d3e874099139df03d5952a3e1 https://git.kernel.org/stable/c/6fc372656a1ebed8c1ebe0011881058c02eeddc0 https://git.kernel.org/stable/c/bc05f6855642cff3c0eeb63060b35d8c4f8a851d https://git.kernel.org/stable/c/1a11a1a53255ddab8a903cdae01b9d3eb2c1a47b https://git.kernel.org/stable/c/984648aac87a6a1c8fd61663bec3f7b61eafad5e https://git.kernel.org/stable/c/04f62c012e0e4683e572b30baf6004ca0a3f6772 https://git.kernel.org/stable/c/80bd490ac0a3b662a489e17d8eedeb1e9 •