Page 13 of 3330 results (0.007 seconds)

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD will be triggered during the resume procedure and call the drm_client_modeset_probe() while struct drm_connector connector->dev->master is NULL. It will mess up the pipe topology after resume. [How] Skip the TBT monitor HPD during the resume procedure because we currently will probe the connectors after resume by default. (cherry picked from commit 453f86a26945207a16b8f66aaed5962dc2b95b85) • https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86 https://git.kernel.org/stable/c/722d2d8fc423108597b97efbf165187d16d9aa1e https://git.kernel.org/stable/c/68d603f467a75618eeae5bfe8af32cda47097010 https://git.kernel.org/stable/c/73e441be033d3ed0bdff09b575da3e7d4606ffc9 https://git.kernel.org/stable/c/c2356296f546326f9f06c109e201d42201e1e783 https://git.kernel.org/stable/c/52d4e3fb3d340447dcdac0e14ff21a764f326907 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only. • https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488 https://git.kernel.org/stable/c/c79768ffba5b6e95569a463a69b3101c95694867 https://git.kernel.org/stable/c/e2b2558971e02ca33eb637a8350d68a48b3e8e46 https://git.kernel.org/stable/c/54dae0e9063ed23c9acf8d5ab9b18d3426a8ac18 https://git.kernel.org/stable/c/80c0be7bcf940ce9308311575c3aff8983c9b97a https://git.kernel.org/stable/c/12d26aa7fd3cbdbc5149b6e516563478d575026e https://git.kernel.org/stable/c/2ed7f42dfd3edb387034128ca5b0f639836d4ddd https://git.kernel.org/stable/c/a18c7b239d02aafb791ae2c45226f6bb4 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. Same problem: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); will enter near infinite loop inside blkdev_issue_secure_erase(): a.out: attempt to access beyond end of device loop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048 bio_check_eod: 3286214 callbacks suppressed • https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d https://git.kernel.org/stable/c/697ba0b6ec4ae04afb67d3911799b5e2043b4455 •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count If qi_submit_sync() is invoked with 0 invalidation descriptors (for instance, for DMA draining purposes), we can run into a bug where a submitting thread fails to detect the completion of invalidation_wait. Subsequently, this led to a soft lockup. Currently, there is no impact by this bug on the existing users because no callers are submitting invalidations with 0 descriptors. This fix will enable future users (such as DMA drain) calling qi_submit_sync() with 0 count. Suppose thread T1 invokes qi_submit_sync() with non-zero descriptors, while concurrently, thread T2 calls qi_submit_sync() with zero descriptors. Both threads then enter a while loop, waiting for their respective descriptors to complete. T1 detects its completion (i.e., T1's invalidation_wait status changes to QI_DONE by HW) and proceeds to call reclaim_free_desc() to reclaim all descriptors, potentially including adjacent ones of other threads that are also marked as QI_DONE. During this time, while T2 is waiting to acquire the qi->q_lock, the IOMMU hardware may complete the invalidation for T2, setting its status to QI_DONE. • https://git.kernel.org/stable/c/de9e7f68762585f7532de8a06de9485bf39dbd38 https://git.kernel.org/stable/c/8840dc73ac9e1028291458ef1429ec3c2524ffec https://git.kernel.org/stable/c/e03f00aa4a6c0c49c17857a4048f586636abdc32 https://git.kernel.org/stable/c/dfdbc5ba10fb792c9d6d12ba8cb6e465f97365ed https://git.kernel.org/stable/c/07e4e92f84b7d3018b7064ef8d8438aeb54a2ca5 https://git.kernel.org/stable/c/92ba5b014d5435dd7a1ee02a2c7f2a0e8fe06c36 https://git.kernel.org/stable/c/3cf74230c139f208b7fb313ae0054386eee31a81 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). These functions should not be called with parameters allocated with devm_kzalloc() to avoid use-after-free issues [1]. Use allocations managed by the DRM framework. Found by Linux Verification Center (linuxtesting.org). [1] https://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2u5lterkekcz6y2jkndhuxzli@diujon4h7qwb/ • https://git.kernel.org/stable/c/d02611ff001454358be6910cb926799e2d818716 https://git.kernel.org/stable/c/0a1741d10da29aa84955ef89ae9a03c4b6038657 https://git.kernel.org/stable/c/454e5d7e671946698af0f201e48469e5ddb42851 https://git.kernel.org/stable/c/b22eec4b57d04befa90e8554ede34e6c67257606 https://git.kernel.org/stable/c/19dd9780b7ac673be95bf6fd6892a184c9db611f •