Page 167 of 3075 results (0.011 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: usbhid: buffers raw_report libres en usbhid_stop. Libera los buffers raw_report no enviados cuando se elimina el dispositivo. Corrige una pérdida de memoria informada por syzbot en: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47 • https://git.kernel.org/stable/c/7ce4e49146612261265671b1d30d117139021030 https://git.kernel.org/stable/c/efc5c8d29256955cc90d8d570849b2d6121ed09f https://git.kernel.org/stable/c/c3156fea4d8a0e643625dff69a0421e872d1fdae https://git.kernel.org/stable/c/764ac04de056801dfe52a716da63f6e7018e7f3b https://git.kernel.org/stable/c/965147067fa1bedff3ae1f07ce3f89f1a14d2df3 https://git.kernel.org/stable/c/f7ac4d24e1610b92689946fa88177673f1e88a3f https://git.kernel.org/stable/c/2b704864c92dcec2b295f276fcfbfb81d9831f81 https://git.kernel.org/stable/c/f7744fa16b96da57187dc8e5634152d3b •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices violate this assumption. So this patch checks hid_device's input is non empty before it's been used. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: betop: corrige escritura slab-out-of-bounds en betop_probe. Syzbot informó un error de escritura slab-out-of-bounds en el controlador hid-betopff. El problema es que el controlador supone que el dispositivo debe tener un informe de entrada, pero algunos dispositivos maliciosos violan esta suposición. Entonces, este parche verifica que la entrada de hid_device no esté vacía antes de usarse. • https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019 https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525 https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9 https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914 https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550 https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops). Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice. Fixing the ABI is a separate issue, but this at least plugs the security hole. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipack: ipoctal: corrige la fuga de información de la pila. El nombre del controlador tty también se usa después de registrar el controlador y específicamente no debe asignarse en la pila para evitar filtrar información al espacio del usuario (o activar un ups). Los controladores no deberían intentar codificar información de topología en el nombre del dispositivo tty, pero este se coló durante la preparación sin que nadie se diera cuenta y desde entonces otro controlador copió esta mala práctica. Arreglar la ABI es un tema aparte, pero esto al menos tapa el agujero de seguridad. • https://git.kernel.org/stable/c/ba4dc61fe8c545a5d6a68b63616776556b771f51 https://git.kernel.org/stable/c/acb96e782bad427ca4bb1bd94af660acd1462380 https://git.kernel.org/stable/c/741ea2670e021350e54f491106bdaa22dc50e6a0 https://git.kernel.org/stable/c/2725925982dc96a78069cd118ea3d66759bfdad7 https://git.kernel.org/stable/c/829f13d6079cf7a2465522f39acb43033e9b320d https://git.kernel.org/stable/c/8657158a3b68c85234e6da3d8eae33d6183588b7 https://git.kernel.org/stable/c/5f6a309a699675680df15d9b6d389114515b4426 https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fix late beacon hrtimer handling Thomas explained in https://lore.kernel.org/r/87mtoeb4hb.ffs@tglx that our handling of the hrtimer here is wrong: If the timer fires late (e.g. due to vCPU scheduling, as reported by Dmitry/syzbot) then it tries to actually rearm the timer at the next deadline, which might be in the past already: 1 2 3 N N+1 | | | ... | | ^ intended to fire here (1) ^ next deadline here (2) ^ actually fired here The next time it fires, it's later, but will still try to schedule for the next deadline (now 3), etc. until it catches up with N, but that might take a long time, causing stalls etc. Now, all of this is simulation, so we just have to fix it, but note that the behaviour is wrong even per spec, since there's no value then in sending all those beacons unaligned - they should be aligned to the TBTT (1, 2, 3, ... in the picture), and if we're a bit (or a lot) late, then just resume at that point. Therefore, change the code to use hrtimer_forward_now() which will ensure that the next firing of the timer would be at N+1 (in the picture), i.e. the next interval point after the current time. • https://git.kernel.org/stable/c/01e59e467ecf976c782eecd4dc99644802cc60e2 https://git.kernel.org/stable/c/9bee85de2c8155388c09a2e1530a243ec1c96f05 https://git.kernel.org/stable/c/2c204cf594df3b9468368dc9d0b24d482d93cda7 https://git.kernel.org/stable/c/ed2adf69e29848d1eb9df99633dde655421c92ed https://git.kernel.org/stable/c/313bbd1990b6ddfdaa7da098d0c56b098a833572 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests The FSM can run in a circle allowing rdma_resolve_ip() to be called twice on the same id_priv. While this cannot happen without going through the work, it violates the invariant that the same address resolution background request cannot be active twice. CPU 1 CPU 2 rdma_resolve_addr(): RDMA_CM_IDLE -> RDMA_CM_ADDR_QUERY rdma_resolve_ip(addr_handler) #1 process_one_req(): for #1 addr_handler(): RDMA_CM_ADDR_QUERY -> RDMA_CM_ADDR_BOUND mutex_unlock(&id_priv->handler_mutex); [.. handler still running ..] rdma_resolve_addr(): RDMA_CM_ADDR_BOUND -> RDMA_CM_ADDR_QUERY rdma_resolve_ip(addr_handler) !! two requests are now on the req_list rdma_destroy_id(): destroy_id_handler_unlock(): _destroy_id(): cma_cancel_operation(): rdma_addr_cancel() // process_one_req() self removes it spin_lock_bh(&lock); cancel_delayed_work(&req->work); if (!list_empty(&req->list)) == true ! rdma_addr_cancel() returns after process_on_req #1 is done kfree(id_priv) process_one_req(): for #2 addr_handler(): mutex_lock(&id_priv->handler_mutex); !! • https://git.kernel.org/stable/c/e51060f08a61965c4dd91516d82fe90617152590 https://git.kernel.org/stable/c/9a085fa9b7d644a234465091e038c1911e1a4f2a https://git.kernel.org/stable/c/03d884671572af8bcfbc9e63944c1021efce7589 https://git.kernel.org/stable/c/305d568b72f17f674155a2a8275f865f207b3808 •