Page 132 of 5131 results (0.007 seconds)

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: video/aperture: optionally match the device in sysfb_disable() In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible: 1. A PCI device with a non-VGA class is the boot display 2. That device is probed first and it is not a VGA device so sysfb_disable() is not called, but the device resources are freed by aperture_detach_platform_device() 3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable() 4. • https://git.kernel.org/stable/c/5ae3716cfdcd286268133867f67d0803847acefc https://git.kernel.org/stable/c/485ec8f8e1d8ae12aa1daa5ad345ba8940ad2db7 https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the appropriate * permission checks. nfsd_setattr() does do permissions checking via fh_verify() and nfsd_permission(), but those don't do all the same permissions checks that are done by security_inode_setxattr() and its related LSM hooks do. Since nfsd_setattr() is the only consumer of security_inode_setsecctx(), simplest solution appears to be to replace the call to __vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This fixes the above issue and has the added benefit of causing nfsd to recall conflicting delegations on a file when a client tries to change its security label. • https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930 https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924 https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57 https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96 https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. (cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3) • https://git.kernel.org/stable/c/5d945cbcd4b16a29d6470a80dfb19738f9a4319f https://git.kernel.org/stable/c/c46dda486e4f9b86eeac40aaea65a6f93dc44dad https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0 https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051 https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink: Fix race during initialization As pointed out by Stephen Boyd it is possible that during initialization of the pmic_glink child drivers, the protection-domain notifiers fires, and the associated work is scheduled, before the client registration returns and as a result the local "client" pointer has been initialized. The outcome of this is a NULL pointer dereference as the "client" pointer is blindly dereferenced. Timeline provided by Stephen: CPU0 CPU1 ---- ---- ucsi->client = NULL; devm_pmic_glink_register_client() client->pdr_notify(client->priv, pg->client_state) pmic_glink_ucsi_pdr_notify() schedule_work(&ucsi->register_work) <schedule away> pmic_glink_ucsi_register() ucsi_register() pmic_glink_ucsi_read_version() pmic_glink_ucsi_read() pmic_glink_ucsi_read() pmic_glink_send(ucsi->client) <client is NULL BAD> ucsi->client = client // Too late! This code is identical across the altmode, battery manager and usci child drivers. Resolve this by splitting the allocation of the "client" object and the registration thereof into two operations. This only happens if the protection domain registry is populated at the time of registration, which by the introduction of commit '1ebcde047c54 ("soc: qcom: add pd-mapper implementation")' became much more likely. • https://git.kernel.org/stable/c/58ef4ece1e41ac525db3e79529909683325d85df https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087 https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark get_wq_ctx() as atomic call Currently get_wq_ctx() is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to resume the corresponding sleeping thread. But if get_wq_ctx() is interrupted, goes to sleep and another SMC call is waiting to be allocated a waitq context, it leads to a deadlock. To avoid this get_wq_ctx() must be an atomic call and can't be a standard SMC call. Hence mark get_wq_ctx() as a fast call. • https://git.kernel.org/stable/c/6bf32599223634294cdc6efb359ffaab1d68073c https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06 https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5 https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0 •