Page 138 of 5263 results (0.035 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and access counter workqueues. Add those destroy calls here. (cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b) In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and ac... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. Prevent UAF by freeing job before xe_exec_queue_put. (cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f) In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy th... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442) Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in ... • https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_macio: Fix DMA table overflow Kolbj rn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 ("ata: pata_macio: Fix max_segment_size with PAGE_SIZE == 64K"). For example: kernel BUG at drivers/ata/pata_macio.c:544! Oops: Exception in kernel mode, sig: 5 [#1] BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=2 DEBUG_PAGEALLOC PowerMac ... NIP pata_macio_qc_prep+0xf4/0x190 LR pata_macio_qc_prep+0xfc... • https://git.kernel.org/stable/c/09fe2bfa6b83f865126ce3964744863f69a4a030 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmd_update We find a bug as below: BUG: unable to handle page fault for address: 00000003 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4 RIP: 0010:partition_sched_domains_locked+0x483/0x600 Code: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9 RSP: 001... • https://git.kernel.org/stable/c/0c7f293efc87a06b51db9aa65256f8cb0a5a0a21 •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The... • https://git.kernel.org/stable/c/01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call do_slab_free for kfence object In 782f8906f805 the freeing of kfence objects was moved from deep inside do_slab_free to the wrapper functions outside. This is a nice change, but unfortunately it missed one spot in __kmem_cache_free_bulk. This results in a crash like this: BUG skbuff_head_cache (Tainted: G S B E ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840 slab_err (mm/slub.c:1129) free_to_... • https://git.kernel.org/stable/c/782f8906f8057efc7151b4b98b0a0280a71d005f •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range() [BUG] For subpage + zoned case, the following workload can lead to rsv data leak at unmount time: # mkfs.btrfs -f -s 4k $dev # mount $dev $mnt # fsstress -w -n 8 -d $mnt -s 1709539240 0/0: fiemap - no filename 0/1: copyrange read - no filename 0/2: write - no filename 0/3: rename - no source filename 0/4: creat f0 x:0 0 0 0/4: creat add id=0,parent=-1 0/5: writev f0[259 1 0 0... • https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368 •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct device * to increment the refcount. The current implementation does not decrement the refcount, which causes memory leak. This commit adds the m... • https://git.kernel.org/stable/c/771089c2a485958e423f305e974303760167b45c •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs with 0 consumed strides for the same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the same wqe which corrupts the linked list. Fix this scenario by accepting 0 sized consumed strides wi... • https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •