Page 13 of 2882 results (0.006 seconds)

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multiple threads are concurrently modifying MAC/VLAN filters by setting mac and port VLAN. 1. Thread T0 allocates a filter in i40e_add_filter() within i40e_ndo_set_vf_port_vlan(). 2. Thread T1 concurrently frees the filter in __i40e_del_filter() within i40e_ndo_set_vf_mac(). 3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which refers to the already freed filter memory, causing corruption. Reproduction steps: 1. • https://git.kernel.org/stable/c/278e7d0b9d6864a9749b9473a273892aa1528621 https://git.kernel.org/stable/c/262dc6ea5f1eb18c4d08ad83d51222d0dd0dd42a https://git.kernel.org/stable/c/7ad3fb3bfd43feb4e15c81dffd23ac4e55742791 https://git.kernel.org/stable/c/bf5f837d9fd27d32fb76df0a108babcaf4446ff1 https://git.kernel.org/stable/c/6e046f4937474bc1b9fa980c1ad8f3253fc638f6 https://git.kernel.org/stable/c/f30490e9695ef7da3d0899c6a0293cc7cd373567 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is in progress. The recent bug report gives also evidence of this behaviour. Aadress this by locking the TPM chip before checking any chip->flags both in tpm_pm_suspend() and tpm_hwrng_read(). Move TPM_CHIP_FLAG_SUSPENDED check inside tpm_get_random() so that it will be always checked only when the lock is reserved. • https://git.kernel.org/stable/c/99d46450625590d410f86fe4660a5eff7d3b8343 https://git.kernel.org/stable/c/7cd46930b8bf37b84777410ac21bfdf1179021d5 https://git.kernel.org/stable/c/eeda114c92c7b2db69878cdf27163750fd57cfe2 https://git.kernel.org/stable/c/cfaf83501a0cbb104499c5b0892ee5ebde4e967f https://git.kernel.org/stable/c/bc203fe416abdd1c29da594565a7c3c4e979488e https://git.kernel.org/stable/c/9265fed6db601ee2ec47577815387458ef4f047a •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check Add hash_key_length check in virtnet_probe() to avoid possible out of bound errors when setting/reading the hash key. • https://git.kernel.org/stable/c/c7114b1249fa3b5f3a434606ba4cc89c4a27d618 https://git.kernel.org/stable/c/f3401e3c8d339ddb6ccb2e3d11ad634b7846a806 https://git.kernel.org/stable/c/af0aa8aecbe8985079232902894cc4cb62795691 https://git.kernel.org/stable/c/6a18a783b1fa590ad1ed785907263e4b86adcfe2 https://git.kernel.org/stable/c/3f7d9c1964fcd16d02a8a9d4fd6f6cb60c4cc530 •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that both sides of the expression are u64. • https://git.kernel.org/stable/c/852b50aeed153b513c0b36298559114fab0fab80 https://git.kernel.org/stable/c/5e1523076acf95b4ea68d19b6f27e6891267cc24 https://git.kernel.org/stable/c/a244b82d0ae60326901f2b50c15e3118298b7ecd https://git.kernel.org/stable/c/97ed0c0332d5525653668b31acf62ff1e6b50784 https://git.kernel.org/stable/c/438d3085ba5b8b5bfa5290faa594e577f6ac9aa7 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues: under load revealing long-standing races, causing list_del corruptions, "Bad page state"s and worse (I keep BUGs in both of those, so usually don't get to see how badly they end up without). The relevant recent changes being 6.8's mTHP, 6.10's mTHP swapout, and 6.12's mTHP swapin, improved swap allocation, and underused THP splitting. Before fixing locking: rename misleading folio_undo_large_rmappable(), which does not undo large_rmappable, to folio_unqueue_deferred_split(), which is what it does. But that and its out-of-line __callee are mm internals of very limited usability: add comment and WARN_ON_ONCEs to check usage; and return a bool to say if a deferred split was unqueued, which can then be used in WARN_ON_ONCEs around safety checks (sparing callers the arcane conditionals in __folio_unqueue_deferred_split()). Just omit the folio_unqueue_deferred_split() from free_unref_folios(), all of whose callers now call it beforehand (and if any forget then bad_page() will tell) - except for its caller put_pages_list(), which itself no longer has any callers (and will be deleted separately). Swapout: mem_cgroup_swapout() has been resetting folio->memcg_data 0 without checking and unqueueing a THP folio from deferred split list; which is unfortunate, since the split_queue_lock depends on the memcg (when memcg is enabled); so swapout has been unqueueing such THPs later, when freeing the folio, using the pgdat's lock instead: potentially corrupting the memcg's list. __remove_mapping() has frozen refcount to 0 here, so no problem with calling folio_unqueue_deferred_split() before resetting memcg_data. That goes back to 5.4 commit 87eaceb3faa5 ("mm: thp: make deferred split shrinker memcg aware"): which included a check on swapcache before adding to deferred queue, but no check on deferred queue before adding THP to swapcache. That worked fine with the usual sequence of events in reclaim (though there were a couple of rare ways in which a THP on deferred queue could have been swapped out), but 6.12 commit dafff3f4c850 ("mm: split underused THPs") avoids splitting underused THPs in reclaim, which makes swapcache THPs on deferred queue commonplace. Keep the check on swapcache before adding to deferred queue? • https://git.kernel.org/stable/c/87eaceb3faa59b9b4d940ec9554ce251325d83fe https://git.kernel.org/stable/c/fc4951c3e3358dd82ea508e893695b916c813f17 https://git.kernel.org/stable/c/afb1352d06b1b6b2cfd1f901c766a430c87078b3 https://git.kernel.org/stable/c/f8f931bba0f92052cf842b7e30917b1afcc77d5a •