Page 112 of 2881 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since "fail_msg" remains set, jobs are added to the completions list re... • https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn't probed yet, an attempt to set trip_point_*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it. console:/sys/class/thermal/thermal_zone87 # echo 1200... • https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free acce... • https://git.kernel.org/stable/c/dbebf865b3239595c1d4dba063b122862583b52a • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt. En el kerne... • https://git.kernel.org/stable/c/ac800140c20e7ae51117e71289065bedd4930fc2 • CWE-665: Improper Initialization •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the module is removed. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: pm80xx: se corrigió la pérdida de memoria durante rmmod, el controlador no pudo liberar toda la memoria asignada. Esto puede provocar una pérdida de memoria durante la eliminación d... • https://git.kernel.org/stable/c/269a4311b15f68d24e816f43f123888f241ed13d • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; [ 3813.830724] program syz-executor not setting count and/or reply_len properly [ 3813.836956] ================================================================== [ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x... • https://git.kernel.org/stable/c/3e20cb072679bdb47747ccc8bee3233a4cf0765a •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following sta... • https://git.kernel.org/stable/c/7a3e97b0dc4bbac2ba7803564ab0057722689921 •

CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound flush_to_ldisc Call trace: dump_backtrace+0x0/0x1ec show_stack+0x24/0x30 dump_stack+0xd0/0x128 panic+0x15c/0x374 watchdog_timer_fn+0x2b8/0x304 __run_hrtimer+0x88/0x2c0 __hrtimer_run_queues+0xa4/0x120 hrtimer_interrupt+0xfc/0x270 arch_ti... • https://git.kernel.org/stable/c/0380f643f3a7a61b0845cdc738959c2ad5735d61 • CWE-1050: Excessive Platform Resource Consumption within a Loop •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer dereference. Driver unload requests may hang with repeated "2878" log messages. The Link down processing results in ABTS requests for outstanding ELS requests. The Abort WQEs are sent for the ELSs before the driver had set th... • https://git.kernel.org/stable/c/28de48a7cea495ab48082d9ff4ef63f7cb4e563a •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MODE SENSE(10) command is 16-bits, occupying bytes 7 and 8 of the CDB. With this command, access to mode pages larger than 255 bytes is thus possible. However, the CDB allocation length field is set by assigning len to byte 8 only, thus truncating buffer length larger than 255. ... • https://git.kernel.org/stable/c/e15de347faf4a9f494cbd4e9a623d343dc1b5851 •