Page 143 of 3829 results (0.012 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Skip over memory region when node value is NULL In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts number of phandles. But phandles may be empty. So of_parse_phandle() in the parsing loop (0 < a < nph) may return NULL which is later dereferenced. Adjust this issue by adding NULL-return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. [Fixed title to fit within the prescribed 70-75 charcters] • https://git.kernel.org/stable/c/a0ff4aa6f010801b2a61c203c6e09d01b110fddf https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0 https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66 https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21 https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8 https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2 https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/55b732c8b09b41148eaab2fa8e31b0af47671e00 https://git.kernel.org/stable/c/9b3a4345957f5372041bc4f59de322f62653e862 https://git.kernel.org/stable/c/538a27c8048f081a5ddd286f886eb986fbbc7f80 https://git.kernel.org/stable/c/63f7fdf733add82f126ea00e2e48f6eba15ac4b9 https://git.kernel.org/stable/c/8d8f9a477de0d7962342eedf2a599215b7c63d28 https://git.kernel.org/stable/c/ff14eadc278663cac69d57d3ca7fb2f394e1f8a7 https://git.kernel.org/stable/c/6aa6892a90a5a7fabffe5692ab9f06a7a •

CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03 • https://git.kernel.org/stable/c/9ac7849e35f705830f7b016ff272b0ff1f7ff759 https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63 https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9 https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7 https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954 https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130 https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes. • https://git.kernel.org/stable/c/7ba1ba12eeef0aa7113beb16410ef8b7c748e18b https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6 https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005 https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2 https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1 https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644 https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b198 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) before acquiring the cgroup_lock In the cgroup_path_ns function. 2.$cat /proc/<pid>/cpuset repeatly. 3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/ $umount /sys/fs/cgroup/cpuset/ repeatly. The race that cause this bug can be shown as below: (umount) | (cat /proc/<pid>/cpuset) css_release | proc_cpuset_show css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id); css_free_rwork_fn | cgroup_path_ns(css->cgroup, ...); cgroup_destroy_root | mutex_lock(&cgroup_mutex); rebind_subsystems | cgroup_free_root | | // cgrp was freed, UAF | cgroup_path_ns_locked(cgrp,..); When the cpuset is initialized, the root node top_cpuset.css.cgrp will point to &cgrp_dfl_root.cgrp. • https://git.kernel.org/stable/c/a79a908fd2b080977b45bf103184b81c9d11ad07 https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989 https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4 https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080 https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4 •