Page 154 of 4581 results (0.020 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() • https://git.kernel.org/stable/c/ef6c49d87c3418c442a22e55e3ce2f91b163d69e https://git.kernel.org/stable/c/8cc342508f9e7fdccd2e9758ae9d52aff72dab7f https://git.kernel.org/stable/c/4752fafb461821f8c8581090c923ababba68c5bd https://git.kernel.org/stable/c/d7997d19dfa7001ca41e971cd9efd091bb195b51 https://git.kernel.org/stable/c/901206f71e6ad2b2e7accefc5199a438d173c25f https://git.kernel.org/stable/c/99eb8d694174c777558dc902d575d1997d5ca650 https://git.kernel.org/stable/c/c8b56e51aa91b8e7df3a98388dce3fdabd15c1d4 https://git.kernel.org/stable/c/98d056603ce55ceb90631b3927151c190 •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after the base register types, and defined other variants using type flag composition. However, now, the direct usage of reg->type to index into reg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to out of bounds access and kernel crash on dereference of bad pointer. • https://git.kernel.org/stable/c/e8efe8369944c6199f124e3b50662ad05a048b60 https://git.kernel.org/stable/c/931e56be527fb2672556e3c00c57ff2a5f5de43e https://git.kernel.org/stable/c/35ab8c9085b0af847df7fac9571ccd26d9f0f513 https://git.kernel.org/stable/c/77459bc4d5e2c6f24db845780b4d9d60cf82d06a https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1 •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the remove function. • https://git.kernel.org/stable/c/74aeac4da66fbfa246edbfc849002eac9b5af9ca https://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d https://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45 https://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e https://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190 https://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5 https://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb https://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e7 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all physical channels + timestamp channel. On other side we have an array allocated only for physical channels. So, fix memory corruption by ARRAY_SIZE() instead of num_channels variable. Note the first case is a cleanup rather than a fix as the software timestamp channel bit in active_scanmask is never set by the IIO core. • https://git.kernel.org/stable/c/9374e8f5a38defe90bc65b2decf317c1c62d91dd https://git.kernel.org/stable/c/0cb9b2f73c182d242a640e512f4785c7c504512f https://git.kernel.org/stable/c/082d2c047b0d305bb0b6e9f9d671a09470e2db2d https://git.kernel.org/stable/c/b7a78a8adaa8849c02f174d707aead0f85dca0da •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different list_add at the same time like below. It's better to add in rndis_add_response / rndis_free_response / rndis_get_next_response to prevent any race condition on response list. [ 361.894299] [1: irq/191-dwc3:16979] list_add corruption. next->prev should be prev (ffffff80651764d0), but was ffffff883dc36f80. (next=ffffff80651764d0). [ 361.904380] [1: irq/191-dwc3:16979] Call trace: [ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90 [ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0 [ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84 [ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4 [ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60 [ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0 [ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc [ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc [ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec [ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c • https://git.kernel.org/stable/c/f6281af9d62e128aa6efad29cf7265062af114f2 https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405 https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038 https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376 https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968f •