Page 15 of 2808 results (0.001 seconds)

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let's only add it to the list after everything has succeeded. • https://git.kernel.org/stable/c/2dcec7a988a1895540460a0bf5603bab63d5a3ed https://git.kernel.org/stable/c/3c7c806b3eafd94ae0f77305a174d63b69ec187c https://git.kernel.org/stable/c/d8de818df12d86a1a26a8efd7b4b3b9c6dc3c5cc https://git.kernel.org/stable/c/971b4893457788e0e123ea552f0bb126a5300e61 https://git.kernel.org/stable/c/c3f4f4547fb291982f5ef56c048277c4d5ccc4e4 https://git.kernel.org/stable/c/c43df7dae28fb9fce96ef088250c1e3c3a77c527 https://git.kernel.org/stable/c/b8b84dcdf3ab1d414304819f824b10efba64132c https://git.kernel.org/stable/c/6ba6e19912570b2ad68298be0be1dc779 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<900000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]--- • https://git.kernel.org/stable/c/8fbb57eabfc8ae67115cb47f904614c99d626a89 https://git.kernel.org/stable/c/f8f26cf69003a37ffa947631fc0e6fe6daee624a https://git.kernel.org/stable/c/77755dc95ff2f9a3e473acc1e039f498629949ea https://git.kernel.org/stable/c/e2b91997db286a5dd3cca6d5d9c20004851f22eb https://git.kernel.org/stable/c/2b6b8e011fab680a223b5e07a3c64774156ec6fe https://git.kernel.org/stable/c/09faf32c682ea4a547200b8b9e04d8b3c8e84b55 https://git.kernel.org/stable/c/39373f6f89f52770a5405d30dddd08a27d097872 https://git.kernel.org/stable/c/701e32900683378d93693fec15d133e2c •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty. • https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025 https://git.kernel.org/stable/c/97e13434b5da8e91bdf965352fad2141d13d72d3 https://git.kernel.org/stable/c/e3e54ad9eff8bdaa70f897e5342e34b76109497f https://git.kernel.org/stable/c/5eb7de8cd58e73851cd37ff8d0666517d9926948 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_firmware_work_func Call Trace: <TASK> dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0 ... Since this bug has been confirmed to be caused by insufficient verification of conn_rsp_epid, I think it would be appropriate to add a range check for conn_rsp_epid to htc_connect_service() to prevent the bug from occurring. • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 https://git.kernel.org/stable/c/5f177fb9d01355ac183e65ad8909ea8ef734e0cf https://git.kernel.org/stable/c/cb480ae80fd4d0f1ac9e107ce799183beee5124b https://git.kernel.org/stable/c/c941af142200d975dd3be632aeb490f4cb91dae4 https://git.kernel.org/stable/c/8965db7fe2e913ee0802b05fc94c6d6aa74e0596 https://git.kernel.org/stable/c/70eae50d2156cb6e078d0d78809b49bf2f4c7540 https://git.kernel.org/stable/c/b6551479daf2bfa80bfd5d9016b02a810e508bfb https://git.kernel.org/stable/c/3fe99b9690b99606d3743c9961ebee865 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: __alloc_pages_noprof+0x9a7/0xe00 alloc_pages_mpol_noprof+0x299/0x990 alloc_pages_noprof+0x1bf/0x1e0 allocate_slab+0x33a/0x1250 ___slab_alloc+0x12ef/0x35e0 kmem_cache_alloc_bulk_noprof+0x486/0x1330 __io_alloc_req_refill+0x84/0x560 io_submit_sqes+0x172f/0x2f30 __se_sys_io_uring_enter+0x406/0x41c0 __x64_sys_io_uring_enter+0x11f/0x1a0 x64_sys_call+0x2b54/0x3ba0 do_syscall_64+0xcd/0x1e0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Since an instance of 'struct kiocb' may be passed from the block layer with 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()' and use it from where 'ocfs2_dio_end_io()' might take care, i.e. in 'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'. • https://git.kernel.org/stable/c/7cdfc3a1c3971c9125c317cb8c2525745851798e https://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab https://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd https://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f https://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905 https://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098 https://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a https://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b •