Page 138 of 2752 results (0.026 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible with FUSE file system. Simply, let's discard the write access when opening a directory. list_add corruption. next is NULL. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:26! pc : __list_add_... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-bounds access occurs every time the quirk list is processed. Fix this by adding the terminating empty entry. In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix arr... • https://git.kernel.org/stable/c/3cb1f40dfdc3b9f5449076c96b4e2523139f5cd0 •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVAL. We need to fix this issue since we can end up with a Kernel warning should a program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with the config not set with this feature. [ 200.812896] WARNIN... • https://git.kernel.org/stable/c/e06f1e1dd4998ffc9da37f580703b55a93fc4de4 •

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix memory leak in audio daemon attach operation Audio PD daemon send the name as part of the init IOCTL call. This name needs to be copied to kernel for which memory is allocated. This memory is never freed which might result in memory leak. Free the memory when it is not needed. In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix memory leak in audio daemon attach operation Audio PD daemon... • https://git.kernel.org/stable/c/0871561055e666da421d779397efcc1e5e964cab •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the task_struct: unreferenced object 0xffff8881305b8000 (size 16136): comm "stress-ng", pid 614, jiffies 4294883961 (age 286.412s) object hex dump (first 32 bytes): 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@............ • https://git.kernel.org/stable/c/feff2e65efd8d84cf831668e182b2ce73c604bbb • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() The "instance" variable needs to be signed for the error handling to work. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of ser... • https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8 •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() There is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC on s390. Therefore we do not expect to see VM_FAULT_HWPOISON in do_exception(). However, since commit af19487f00f3 ("mm: make PTE_MARKER_SWAPIN_ERROR more general"), it is possible to see VM_FAULT_HWPOISON in combination with PTE_MARKER_POISONED, even on architectures that do not support HWPOISON otherwise. In this... • https://git.kernel.org/stable/c/af19487f00f34ff8643921d7909dbb3fedc7e329 •

CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels. In the L... • https://git.kernel.org/stable/c/c293621bbf678a3d85e3ed721c3921c8a670610d • CWE-667: Improper Locking •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate ff offset This adds sanity checks for ff offset. There is a check on rt->first_free at first, but walking through by ff without any check. If the second ff is a large offset. We may encounter an out-of-bound read. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate ff offset This adds sanity checks for ff offset. There is a check on rt->first_free at first, but walking through by ff with... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY). • https://git.kernel.org/stable/c/e0b64e4ad2eb013fd3299e34e7fe5e19f321e140 •