Page 213 of 3049 results (0.035 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similary, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. • https://git.kernel.org/stable/c/72dc1c096c7051a48ab1dbb12f71976656b55eb5 https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449 https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4 https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36 https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723 https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: arm64: vgic-its: Evite posibles UAF en la caché de traducción LPI. Existe un escenario potencial de UAF en el caso de que un caché de traducción LPI se acelere con una operación que invalide la caché, como un comando DISCARD ITS. La raíz del problema es que vgic_its_check_cache() no eleva el refcount en vgic_irq antes de eliminar el bloqueo que serializa los cambios de refcount. • https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88 https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703 https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4 https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6 https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1 https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80 https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block size of the disk is larger than 512 bytes, then the partition size maybe not the multiple of the logical block size, and when the last sector is read, bio_truncate() will adjust the bio size, resulting in an IO error if the size of the read command is smaller than the logical block size.If integrity data is supported, this will also result in a null pointer dereference when calling bio_integrity_free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: agregar verifique que la longitud de la partición debe estar alineada con el tamaño del bloque Antes de llamar a agregar partición o cambiar el tamaño de la partición, no se verifica si la longitud está alineada con el tamaño del bloque lógico. Si el tamaño del bloque lógico del disco es mayor que 512 bytes, entonces el tamaño de la partición tal vez no sea el múltiplo del tamaño del bloque lógico, y cuando se lea el último sector, bio_truncate() ajustará el tamaño de la biografía, lo que resultará en un error de E/S si el tamaño del comando de lectura es menor que el tamaño del bloque lógico. Si se admiten datos de integridad, esto también resultará en una desreferencia del puntero nulo al llamar a bio_integrity_free. A flaw was found in the Linux kernel's block subsystem, where a NULL pointer dereference occurs if partitions are created or resized with a size that is not a multiple of the logical block size. • https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503 https://git.kernel.org/stable/c/ef31cc87794731ffcb578a195a2c47d744e25fb8 https://git.kernel.org/stable/c/cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8 https://git.kernel.org/stable/c/bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5 https://git.kernel.org/stable/c/6f64f866aa1ae6975c95d805ed51d7e9433a0016 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://access.redhat.com/security/cve/CVE-2023 • CWE-476: NULL Pointer Dereference •

CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: validar el token mecánico en la configuración de la sesión Si el cliente envía un token mecánico no válido en la solicitud de configuración de la sesión, ksmbd valida y genera el error si no es válido. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of SMB2 Mech Tokens. • https://git.kernel.org/stable/c/dd1de9268745f0eac83a430db7afc32cbd62e84b https://git.kernel.org/stable/c/6eb8015492bcc84e40646390e50a862b2c0529c9 https://git.kernel.org/stable/c/a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a https://git.kernel.org/stable/c/5e6dfec95833edc54c48605a98365a7325e5541e https://git.kernel.org/stable/c/92e470163d96df8db6c4fa0f484e4a229edb903d • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: pvrusb2: corrige el use after free de desconexión de contexto. Al cargar el módulo, se crea un kthread dirigido a la función pvr2_context_thread_func, que puede llamar a pvr2_context_destroy y, por lo tanto, llamar a kfree() en el objeto de contexto. • https://git.kernel.org/stable/c/e5be15c63804e05b5a94197524023702a259e308 https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08 https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795 https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee • CWE-416: Use After Free •