Page 201 of 3290 results (0.014 seconds)

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race where this check is not reliable the error recovery work must flush async_event_work before continuing to destroy the admin queue after setting the ctrl state to RESETTING such that there is no race .submit_async_event and the error recovery handler itself changing the ctrl state. • https://git.kernel.org/stable/c/61a26ffd5ad3ece456d74c4c79f7b5e3f440a141 https://git.kernel.org/stable/c/e192184cf8bce8dd55d619f5611a2eaba996fa05 https://git.kernel.org/stable/c/5e42fca37ccc76f39f73732661bd47254cad5982 https://git.kernel.org/stable/c/bb0d8fb35c4ff00a503c2c4dca4cce8d102a21c4 https://git.kernel.org/stable/c/ff9fc7ebf5c06de1ef72a69f9b1ab40af8b07f9e •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race where this check is not reliable the error recovery work must flush async_event_work before continuing to destroy the admin queue after setting the ctrl state to RESETTING such that there is no race .submit_async_event and the error recovery handler itself changing the ctrl state. • https://git.kernel.org/stable/c/5593f72d1922403c11749532e3a0aa4cf61414e9 https://git.kernel.org/stable/c/d411b2a5da68b8a130c23097014434ac140a2ace https://git.kernel.org/stable/c/324f5bdc52ecb6a6dadb31a62823ef8c709d1439 https://git.kernel.org/stable/c/646952b2210f19e584d2bf9eb5d092abdca2fcc1 https://git.kernel.org/stable/c/ea86027ac467a055849c4945906f799e7f65ab99 https://git.kernel.org/stable/c/b6bb1722f34bbdbabed27acdceaf585d300c5fd2 •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling device_release_driver(), which calls remove(), which then in iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However the new code I added will still erroneously access it after it was freed. Set 'failure=false' in this case to avoid the access, all data was already freed anyway. • https://git.kernel.org/stable/c/8e10749fa1a454c1e7214f36cec83241f5a36ef1 https://git.kernel.org/stable/c/1d7cc54137a4f28506dc7beac235b240b08f4e59 https://git.kernel.org/stable/c/0446cafa843e6db4982731c167e11c80d42be7e2 https://git.kernel.org/stable/c/febab6b60d61d13cd9f30a2991deea56df39567d https://git.kernel.org/stable/c/e23f075d77987de4215c8e0696f28bcc707506f7 https://git.kernel.org/stable/c/6b5ad4bd0d78fef6bbe0ecdf96e09237c9c52cc1 https://git.kernel.org/stable/c/d3b98fe36f8a06ce654049540773256ab59cb53d https://git.kernel.org/stable/c/7d6475179b85a83186ccce59cdc359d4f •

CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a signal pending. If this happens the socket will be in the connected table, and it is not removed when the socket state is reset. In this situation it's common for the process to retry connect(), and if the connection is successful the socket will be added to the connected table a second time, corrupting the list. Prevent this by calling vsock_remove_connected() if a signal is received while waiting for a connection. This is harmless if the socket is not in the connected table, and if it is in the table then removing it will prevent list corruption from a double add. Note for backporting: this patch requires d5afa82c977e ("vsock: correct removal of socket from the list"), which is in all current stable trees except 4.9.y. • https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608 https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549 https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7 https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44 https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94 https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61 • CWE-371: State Issues •

CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove", the function simply returns -EINVAL and forgets to decrease the reference count of a rpc_xprt object and a rpc_xprt_switch object increased by rpc_sysfs_xprt_kobj_get_xprt() and rpc_sysfs_xprt_kobj_get_xprt_switch(), causing reference count leaks of both unused objects. Fix this issue by jumping to the error handling path labelled with out_put when buf matches none of "offline", "online" or "remove". A memory leak flaw was found in the Linux kernel’s SunRpc filesystem (sysfs). This flaw allows a local user to crash the system. • https://git.kernel.org/stable/c/4b22aa42bd4d2d630ef1854c139275c3532937cb https://git.kernel.org/stable/c/5f6024c05a2c0fdd180b29395aaf686d25af3a0f https://git.kernel.org/stable/c/776d794f28c95051bc70405a7b1fa40115658a18 https://access.redhat.com/security/cve/CVE-2021-47624 https://bugzilla.redhat.com/show_bug.cgi?id=2298108 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •