Page 193 of 4383 results (0.014 seconds)

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from the reclaim list and it is on a relocation work, it can be added into the unused list in parallel. When that happens, adding it to the reclaim list will corrupt the list head and trigger list corruption like below. Fix it by taking fs_info->unused_bgs_lock. [177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104 [177.514][T2585409] list_del corruption. next->prev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0) [177.529][T2585409] ------------[ cut here ]------------ [177.537][T2585409] kernel BUG at lib/list_debug.c:65! [177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: G W 6.10.0-rc5-kts #1 [177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022 [177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs] [177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72 [177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286 [177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000 [177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40 [177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08 [177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0 [177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000 [177.687][T2585409] FS: 0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000 [177.700][T2585409] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0 [177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000 [177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400 [177.742][T2585409] PKRU: 55555554 [177.748][T2585409] Call Trace: [177.753][T2585409] <TASK> [177.759][T2585409] ? • https://git.kernel.org/stable/c/2311fd03027d2c1b2ac4a3a41153a16352659b65 https://git.kernel.org/stable/c/15cb476ceb7da730857b8e94f06161273adb7a3a https://git.kernel.org/stable/c/bf1e8c21f2bef7dfcdadc93b0bb2e8723639d5f7 https://git.kernel.org/stable/c/ab58fe210c40e582a9fd3d122ae21071adb5470a https://git.kernel.org/stable/c/522b39bd7163e8dc49f8cf10b9b782218ac48746 https://git.kernel.org/stable/c/aa1d8cc0cc500e06b316cd6732d4e6c1388fe33c https://git.kernel.org/stable/c/f8e960be923f74a273c62478c9cab9523936752b https://git.kernel.org/stable/c/326fa14549d7969ef80d3f5beea5470cd •

CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. • https://git.kernel.org/stable/c/c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e https://git.kernel.org/stable/c/1f12e4b3284d6c863f272eb2de0d4248ed211cf4 https://git.kernel.org/stable/c/81e7d2530d458548b90a5c5e76b77ad5e5d1c0df https://git.kernel.org/stable/c/5099871b370335809c0fd1abad74d9c7c205d43f https://git.kernel.org/stable/c/16b1025eaa8fc223ab4273ece20d1c3a4211a95d https://git.kernel.org/stable/c/ec18ec230301583395576915d274b407743d8f6c https://git.kernel.org/stable/c/9319b647902cbd5cc884ac08a8a6d54ce111fc78 https://git.kernel.org/stable/c/65977bed167a92e87085e757fffa5798f • CWE-369: Divide By Zero •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. A flaw was found in the Linux kernel’s nouveau module. The return value of the drm_mode_duplicate function is not checked in the nouveau_connector_get_modes function in the drivers/gpu/drm/nouveau/nouveau_connector.c file, possibly causing a NULL pointer dereference and resulting in a denial of service. • https://git.kernel.org/stable/c/6ee738610f41b59733f63718f0bdbcba7d3a3f12 https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07 https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9 https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16 • CWE-476: NULL Pointer Dereference •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings. • https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91 https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04 https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the entire private_key array first. Note that this patch slightly changes the behavior of this function: previously, if the ecc_gen_privkey failed, the old private_key would remain. Now, the private_key is always zeroized. This behavior is consistent with the case where params.key is set and ecc_is_key_valid fails. • https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8 https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975 https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9 •