Page 20 of 2872 results (0.008 seconds)

CVSS: -EPSS: 0%CPEs: 11EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released. 1) register platform driver @sunxi_musb_driver // get the usb phy @glue->xceiv sunxi_musb_probe() -> devm_usb_get_phy(). 2) register and unregister platform driver @musb_driver musb_probe() -> sunxi_musb_init() use the phy here //the phy is released here musb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy() 3) register @musb_driver again musb_probe() -> sunxi_musb_init() use the phy here but the phy has been released at 2). ... Fixed by reverting the commit, namely, removing devm_usb_put_phy() from sunxi_musb_exit(). • https://git.kernel.org/stable/c/6ed05c68cbcae42cd52b8e53b66952bfa9c002ce https://git.kernel.org/stable/c/583a4219841d00e96b5de55be160aa7eb7721a4d https://git.kernel.org/stable/c/b4ecc15d6f5a13c0bbe2777438e87e321f83faaa https://git.kernel.org/stable/c/a2259ebaa933331c53904caf792b619ec42f0da5 https://git.kernel.org/stable/c/721ddad945596220c123eb6f7126729fe277ee4f https://git.kernel.org/stable/c/4aa77d5ea9944468e16c3eed15e858fd5de44de1 https://git.kernel.org/stable/c/6e2848d1c8c0139161e69ac0a94133e90e9988e8 https://git.kernel.org/stable/c/63559ba8077cbadae1c92a65b73ea522b •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() The "*cmd" variable can be controlled by the user via debugfs. That means "new_cam" can be as high as 255 while the size of the uc->updated[] array is UCSI_MAX_ALTMODES (30). The call tree is: ucsi_cmd() // val comes from simple_attr_write_xsigned() -> ucsi_send_command() -> ucsi_send_command_common() -> ucsi_run_command() // calls ucsi->ops->sync_control() -> ucsi_ccg_sync_control() • https://git.kernel.org/stable/c/170a6726d0e266f2c8f306e3d61715c32f4ee41e https://git.kernel.org/stable/c/d76923164705821aa1b01b8d9d1741f20c654ab4 https://git.kernel.org/stable/c/8f47984b35f3be0cfc652c2ca358d5768ea3456b https://git.kernel.org/stable/c/604314ecd682913925980dc955caea2d036eab5f https://git.kernel.org/stable/c/69e19774f15e12dda6c6c58001d059e30895009b https://git.kernel.org/stable/c/3a2ba841659a0f15102585120dea75d8d5209616 https://git.kernel.org/stable/c/7dd08a0b4193087976db6b3ee7807de7e8316f96 •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid this issue. • https://git.kernel.org/stable/c/984f68683298ba53af32f909de1f9452fbb37ccb https://git.kernel.org/stable/c/e6ceb04eeb6115d872d4c4078d12f1170ed755ce https://git.kernel.org/stable/c/39709ce93f5c3f9eb535efe2afea088805d1128f https://git.kernel.org/stable/c/e567fc8f7a4460e486e52c9261b1e8b9f5dc42aa https://git.kernel.org/stable/c/44fff2c16c5aafbdb70c7183dae0a415ae74705e https://git.kernel.org/stable/c/275258c30bbda29467216e96fb655b16bcc9992b https://git.kernel.org/stable/c/13d6ff3ca76056d06a9d88300be2a293442ff595 https://git.kernel.org/stable/c/314bdf446053e123f37543aa535197ee7 •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs A recent change in the venus driver results in a stuck clock on the Lenovo ThinkPad X13s, for example, when streaming video in firefox: video_cc_mvs0_clk status stuck at 'off' WARNING: CPU: 6 PID: 2885 at drivers/clk/qcom/clk-branch.c:87 clk_branch_wait+0x144/0x15c ... Call trace: clk_branch_wait+0x144/0x15c clk_branch2_enable+0x30/0x40 clk_core_enable+0xd8/0x29c clk_enable+0x2c/0x4c vcodec_clks_enable.isra.0+0x94/0xd8 [venus_core] coreid_power_v4+0x464/0x628 [venus_core] vdec_start_streaming+0xc4/0x510 [venus_dec] vb2_start_streaming+0x6c/0x180 [videobuf2_common] vb2_core_streamon+0x120/0x1dc [videobuf2_common] vb2_streamon+0x1c/0x6c [videobuf2_v4l2] v4l2_m2m_ioctl_streamon+0x30/0x80 [v4l2_mem2mem] v4l_streamon+0x24/0x30 [videodev] using the out-of-tree sm8350/sc8280xp venus support. [1] Update also the sm8350/sc8280xp GDSC definitions so that the hw control mode can be changed at runtime as the venus driver now requires. • https://git.kernel.org/stable/c/ec9a652e514903df887791b669b70e86ab4e3ec5 https://git.kernel.org/stable/c/d055f6f2bdfb8b9c9bc071f748c16bd3afb2db0f https://git.kernel.org/stable/c/f903663a8dcd6e1656e52856afbf706cc14cbe6d •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry [ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004 [...] [ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [...] [ 57.331328] Call Trace: [ 57.331477] <TASK> [...] [ 57.333511] ? do_user_addr_fault+0x3e5/0x740 [ 57.333778] ? exc_page_fault+0x70/0x170 [ 57.334016] ? asm_exc_page_fault+0x2b/0x30 [ 57.334263] ? • https://git.kernel.org/stable/c/399ff3a748cf4c8c853e96dd477153202636527b https://git.kernel.org/stable/c/38cbf13b2e7a31362babe411f7c2c3c52cd2734b https://git.kernel.org/stable/c/168a9b8303fcb0317db4c06b23ce1c0ce2af4e10 https://git.kernel.org/stable/c/6a7e6dcf90fe7721d0863067b6ca9a9442134692 https://git.kernel.org/stable/c/dcc8fe8c83145041cb6c80cac21f6173a3ff0204 https://git.kernel.org/stable/c/86dd0e8d42828923c68ad506933336bcd6f2317d https://git.kernel.org/stable/c/dd73c942eed76a014c7a5597e6926435274d2c4c https://git.kernel.org/stable/c/2b5369528ee63c88371816178a05b5e66 •