Page 152 of 2707 results (0.019 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor load fails, the eswitch error flow unloads all representors, including ethernet representors, where the netdevs get detached and removed from lag bond. Such flow is inaccurate as the lag driver is not responsible for... • https://git.kernel.org/stable/c/598fe77df855feeeca9dfda2ffe622ac7724e5c3 •

CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely for the sem, blocking flow now waits for index to be allocated or a sem acquisition timeout before beginning the timer for FW completion. Kernel log example: mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:112... • https://git.kernel.org/stable/c/8e715cd613a1e872b9d918e912d90b399785761a • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command interface and trigger all completions manually. Kernel log: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_saturate+0xd8/0xe0 ... Call Trace: ? __warn+... • https://git.kernel.org/stable/c/27c79b3a9212cf4ba634c157e07d29548181a208 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of net_device There is a reference count leak issue of the object "net_device" in ax25_dev_device_down(). When the ax25 device is shutting down, the ax25_dev_device_down() drops the reference count of net_device one or zero times depending on if we goto unlock_put or not, which will cause memory leak. In order to solve the above issue, decrease the reference count of net_device after dev->ax25_ptr is set... • https://git.kernel.org/stable/c/d01ffb9eee4af165d83b08dd73ebdf9fe94a519b •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid deadlocks"). The root cause of the issue is that netpoll is in atomic context and disable_irq() is called by .ndo_poll_controller interface of sungem driver, however, disable_irq() might sleep. After analyzing the implementation of fec_poll_cont... • https://git.kernel.org/stable/c/7f5c6addcdc039c1a7c435857e6284ecac5d97c8 •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, an error message is logged and the function returns fa... • https://git.kernel.org/stable/c/b629596072e5fa901c84f9e88d845a696ee32942 •

CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood: Fix potential NULL dereference In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if CONFIG_PLAT_ORION macro is not defined. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: kirkwood: corrige una posible desreferencia NULL En kirkwood_dma_hw_params() mv_mbus_dram_info() devuelve NULL si la macro... • https://git.kernel.org/stable/c/bb6a40fc5a830cae45ddd5cd6cfa151b008522ed • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/mediatek: Agr... • https://git.kernel.org/stable/c/119f5173628aa7a0c3cf9db83460d40709e8241d •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: b... • https://git.kernel.org/stable/c/fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the following call chain: sh_css_pipe_load_binaries() |-> load_video_binaries(mycs->yuv_scaler_binary == NULL) | |-> sh_css_pipe_unload_binaries() |-> unload_video_binaries() In unload_video_binaries(), it calls to ia_css_bina... • https://git.kernel.org/stable/c/a49d25364dfb9f8a64037488a39ab1f56c5fa419 •