Page 170 of 2514 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu(). • https://git.kernel.org/stable/c/ff86aae3b4112b85d2231c23bccbc49589df1c06 https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85 https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85 https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96 https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701 https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via task_work. However failures while adding an event's callback to the task_work engine are ignored. And since the last call for events exit happen after task work is eventually closed, there is a small window during which pending sigtrap can be queued though ignored, leaking the event refcount addition such as in the following scenario: TASK A ----- do_exit() exit_task_work(tsk); <IRQ> perf_event_overflow() event->pending_sigtrap = pending_id; irq_work_queue(&event->pending_irq); </IRQ> =========> PREEMPTION: TASK A -> TASK B event_sched_out() event->pending_sigtrap = 0; atomic_long_inc_not_zero(&event->refcount) // FAILS: task work has exited task_work_add(&event->pending_task) [...] <IRQ WORK> perf_pending_irq() // early return: event->oncpu = -1 </IRQ WORK> [...] =========> TASK B -> TASK A perf_event_exit_task(tsk) perf_event_exit_event() free_event() WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1) // leak event due to unexpected refcount == 2 As a result the event is never released while the task exits. Fix this with appropriate task_work_add()'s error handling. A logical flaw exists in the Linux kernel.  When a task is scheduled, pending sigtrap deliveries are deferred to the target task upon resuming to userspace via task_work. • https://git.kernel.org/stable/c/8bffa95ac19ff27c8261904f89d36c7fcf215d59 https://git.kernel.org/stable/c/517e6a301f34613bff24a8e35b5455884f2d83d8 https://git.kernel.org/stable/c/78e1317a174edbfd1182599bf76c092a2877672c https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7 https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831 https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51 https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d7 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially result in a leaked event, such as in the following scenario that doesn't even require a weak IRQ work implementation to trigger: schedule() prepare_task_switch() =======> <NMI> perf_event_overflow() event->pending_sigtrap = ... irq_work_queue(&event->pending_irq) <======= </NMI> perf_event_task_sched_out() event_sched_out() event->pending_sigtrap = 0; atomic_long_inc_not_zero(&event->refcount) task_work_add(&event->pending_task) finish_lock_switch() =======> <IRQ> perf_pending_irq() //do nothing, rely on pending task work <======= </IRQ> begin_new_exec() perf_event_exit_task() perf_event_exit_event() // If is child event free_event() WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1) // event is leaked Similar scenarios can also happen with perf_event_remove_on_exec() or simply against concurrent perf_event_release(). Fix this with synchonizing against the possibly remaining pending task work while freeing the event, just like is done with remaining pending IRQ work. This means that the pending task callback neither need nor should hold a reference to the event, preventing it from ever beeing freed. • https://git.kernel.org/stable/c/8bffa95ac19ff27c8261904f89d36c7fcf215d59 https://git.kernel.org/stable/c/517e6a301f34613bff24a8e35b5455884f2d83d8 https://git.kernel.org/stable/c/78e1317a174edbfd1182599bf76c092a2877672c https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0 https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99 https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4 https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891 https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be26 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscv_kernel_entry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the exception would ultimately crash. On other occasions, the kernel's handler would take care of exceptions. This has been tested on a JH7110 SoC with oreboot and its SBI delegating unaligned access exceptions and the kernel configured to handle them. • https://git.kernel.org/stable/c/736e30af583fb6e0e2b8211b894ff99dea0f1ee7 https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing ttm_bo) leads to a refcount underflow. Instead of calling nouveau_bo_ref() in the unwind path of drm_gem_object_init(), clean things up manually. (cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5) • https://git.kernel.org/stable/c/ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6 https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10 https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320 https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f73494592 •