Page 199 of 2955 results (0.031 seconds)

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes. Example order of events leading to the exception: 1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg 2. Spi transfer begins via spi_transfer_one_message() 3. System is suspended interrupting the transfer context 4. System is resumed 6. spi_controller_resume() calls spi_start_queue() which resets cur_msg to NULL 7. • https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068 https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’: fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between 1 and 7 bytes into a region of size between 5 and 8 [-Werror=format-overflow=] 1984 | sprintf(slab_name, "f2fs_page_array_entry-%u:%u", MAJOR(dev), MINOR(dev)); | ^~ String "f2fs_page_array_entry-%u:%u" can up to 35. The first "%u" can up to 4 and the second "%u" can up to 7, so total size is "24 + 4 + 7 = 35". slab_name's size should be 35 rather than 32. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: f2fs: evitar aviso de desbordamiento de formato. Con la opción gcc y W=1, aparece un aviso como este: fs/f2fs/compress.c: En la función 'f2fs_init_page_array_cache': fs/f2fs /compress.c:1984:47: error: directiva '%u' escribiendo entre 1 y 7 bytes en una región de tamaño entre 5 y 8 [-Werror=format-overflow=] 1984 | sprintf(slab_name, "f2fs_page_array_entry-%u:%u", MAJOR(dev), MINOR(dev)); | ^~ La cadena "f2fs_page_array_entry-%u:%u" puede tener hasta 35. El primer "%u" puede tener hasta 4 y el segundo "%u" puede hasta 7, por lo que el tamaño total es "24 + 4 + 7 = 35". • https://git.kernel.org/stable/c/c041f5ddef00c731c541e00bc8ae97b8c84c682f https://git.kernel.org/stable/c/e4088d7d8f1123006d46a42edf51b8c960a58ef9 https://git.kernel.org/stable/c/526dd7540a09ecf87b5f54f3ab4e0a2528f25a79 https://git.kernel.org/stable/c/6fca08fd3085253b48fcb1bd243a0a5e18821a00 https://git.kernel.org/stable/c/3eebe636cac53886bd5d1cdd55e082ec9e84983f https://git.kernel.org/stable/c/e0d4e8acb3789c5a8651061fbab62ca24a45c063 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. The failure status of drm_cvt_mode() on the other path is checked too. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: corrige una posible desreferencia del puntero null. En radeon_fp_native_mode(), el valor de retorno de drm_mode_duplicate() se asigna al modo, lo que conducirá a una desreferencia del puntero NULL en caso de falla de drm_mode_duplicate(). Agregue una marca para evitar npd. • https://git.kernel.org/stable/c/b33f7d99c9226892c7794dc2500fae35966020c9 https://git.kernel.org/stable/c/16a0f0b63c4c7eb46fc4c3f00bf2836e6ee46a9f https://git.kernel.org/stable/c/8a89bfeef9abe93371e3ea8796377f2d132eee29 https://git.kernel.org/stable/c/28fd384c78d7d8ed8af0d086d778c3e438ba7f60 https://git.kernel.org/stable/c/fee8ae0a0bb66eb7730c22f44fbd7203f63c2eab https://git.kernel.org/stable/c/7b7fba107b2c4ec7673d0f45bdbb9d1af697d9b9 https://git.kernel.org/stable/c/e938d24f0b7392e142b8aa434f18590d99dbe479 https://git.kernel.org/stable/c/140d9807b96e1303f6f2675a7ae8710a2 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: lib/generic-radix-tree.c: No se desborda en peek() Cuando comenzamos a distribuir nuevos números de inodos en la mayor parte del espacio de inodos de 64 bits, eso activó algunas esquinas. errores de casos, en particular algunos desbordamientos de enteros relacionados con el código del árbol de base. Ups. • https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437 https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0 https://access.redhat.com/security/cve/CVE-2021-47432 https://bugzilla.redhat.com/show_bug.cgi?id=2282366 •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to a crash when traffic is sent over the PKEY interface due to the parent having a single queue but the child having multiple queues. This patch fixes the number of queues to 1 for legacy IPoIB at the earliest possible point in time. BUG: kernel NULL pointer dereference, address: 000000000000036b PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 4 PID: 209665 Comm: python3 Not tainted 6.1.0_for_upstream_min_debug_2022_12_12_17_02 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:kmem_cache_alloc+0xcb/0x450 Code: ce 7e 49 8b 50 08 49 83 78 10 00 4d 8b 28 0f 84 cb 02 00 00 4d 85 ed 0f 84 c2 02 00 00 41 8b 44 24 28 48 8d 4a 01 49 8b 3c 24 <49> 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 b8 41 8b RSP: 0018:ffff88822acbbab8 EFLAGS: 00010202 RAX: 0000000000000070 RBX: ffff8881c28e3e00 RCX: 00000000064f8dae RDX: 00000000064f8dad RSI: 0000000000000a20 RDI: 0000000000030d00 RBP: 0000000000000a20 R08: ffff8882f5d30d00 R09: ffff888104032f40 R10: ffff88810fade828 R11: 736f6d6570736575 R12: ffff88810081c000 R13: 00000000000002fb R14: ffffffff817fc865 R15: 0000000000000000 FS: 00007f9324ff9700(0000) GS:ffff8882f5d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000036b CR3: 00000001125af004 CR4: 0000000000370ea0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_clone+0x55/0xd0 ip6_finish_output2+0x3fe/0x690 ip6_finish_output+0xfa/0x310 ip6_send_skb+0x1e/0x60 udp_v6_send_skb+0x1e5/0x420 udpv6_sendmsg+0xb3c/0xe60 ? ip_mc_finish_output+0x180/0x180 ? __switch_to_asm+0x3a/0x60 ? __switch_to_asm+0x34/0x60 sock_sendmsg+0x33/0x40 __sys_sendto+0x103/0x160 ? • https://git.kernel.org/stable/c/d4bf3fcccd188db9f3310d93472041cdefba97bf https://git.kernel.org/stable/c/d21714134505bc23daa0455b295f3b63730b3b42 https://git.kernel.org/stable/c/ca48174a7643a7e6dd31c4338c5cde49552e138e https://git.kernel.org/stable/c/ee0e9b2c4b9c35837553124b4912230a7e7c7212 https://git.kernel.org/stable/c/2aecfec735f16f99c059db956edfd95a32458d22 https://git.kernel.org/stable/c/8fa3ee8ef185eb3e8be44f282721b05a03e6f888 https://git.kernel.org/stable/c/bc2f5760b47cba4a76be9371806f8f10fccf71a9 https://git.kernel.org/stable/c/bab775fa9c4f4b4da30c9cc99be4bec19 •