Page 17 of 4953 results (0.011 seconds)

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_set_termination(): allow sleeping GPIOs In commit 6e86a1543c37 ("can: dev: provide optional GPIO based termination support") GPIO based termination support was added. For no particular reason that patch uses gpiod_set_value() to set the GPIO. This leads to the following warning, if the systems uses a sleeping GPIO, i.e. behind an I2C port expander: | WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c | CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c Replace gpiod_set_value() by gpiod_set_value_cansleep() to allow the use of sleeping GPIOs. • https://git.kernel.org/stable/c/6e86a1543c378f2e8837ad88f361b7bf606c80f7 https://git.kernel.org/stable/c/faa0a1975a6fbce30616775216606eb8d6388ea1 https://git.kernel.org/stable/c/46637a608fb1ee871a0ad8bf70d917d5d95ac251 https://git.kernel.org/stable/c/1ac442f25c19953d2f33b92549628b0aeac83db6 https://git.kernel.org/stable/c/3b0c5bb437d31a9864f633b85cbc42d2f6c51c96 https://git.kernel.org/stable/c/ee1dfbdd8b4b6de85e96ae2059dc9c1bdb6b49b5 •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal to terminate dpc_thread. Use the kthread_stop as the main signal to exit dpc_thread. [596663.812935] kernel BUG at mm/slub.c:294! [596663.812950] invalid opcode: 0000 [#1] SMP PTI [596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1 [596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012 [596663.812974] RIP: 0010:__slab_free+0x17d/0x360 ... [596663.813008] Call Trace: [596663.813022] ? • https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54 https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80 https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478 https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled. • https://git.kernel.org/stable/c/1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f https://git.kernel.org/stable/c/87bf3ea841a5d77beae6bb85af36b2b3848407ee https://git.kernel.org/stable/c/7b21233e5f72d10f08310689f993c1dbdfde9f2c https://git.kernel.org/stable/c/0069928727c2e95ca26c738fbe6e4b241aeaaf08 https://git.kernel.org/stable/c/9c191055c7abea4912fdb83cb9b261732b25a0c8 https://git.kernel.org/stable/c/eb48e9fc0028bed94a40a9352d065909f19e333c •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned. This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size. Fix this issue by changing the type of the local variable causing the bit loss from "unsigned int" to "u64". The return value of nilfs_last_byte() is also of type "unsigned int", but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required. • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 https://git.kernel.org/stable/c/09d6d05579fd46e61abf6e457bb100ff11f3a9d3 https://git.kernel.org/stable/c/e3732102a9d638d8627d14fdf7b208462f0520e0 https://git.kernel.org/stable/c/48eb6e7404948032bbe811c5affbe39f6b316951 https://git.kernel.org/stable/c/5af8366625182f01f6d8465c9a3210574673af57 https://git.kernel.org/stable/c/c3afea07477baccdbdec4483f8d5e59d42a3f67f https://git.kernel.org/stable/c/31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e https://git.kernel.org/stable/c/985ebec4ab0a28bb5910c3b1481a40fbf •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corruption in drm_dp_sideband_append_payload() and the following errors in dmesg: UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25 index -1 is out of range for type 'u8 [48]' Call Trace: drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper] memcpy: detected field-spanning write (size 18446744073709551615) of single field "&msg->msg[msg->curlen]" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256) Call Trace: drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper] • https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96 https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801 https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763 •