Page 216 of 5015 results (0.027 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase stm: corrige un doble free en stm_register_device() La llamada put_device(&stm->dev) activará stm_device_release() que libera "stm" para que vfree(stm) en el La siguiente lín... • https://git.kernel.org/stable/c/389b6699a2aa0b457aa69986e9ddf39f3b4030fd • CWE-415: Double Free •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300 Modules linked in: CPU: 0 PID: 8264 Comm: ab2 Not tainted 6.9.0-rc7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300 ...... Call Trace:

CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check 'folio' pointer for NULL It can be NULL if bmap is called. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression: vbo = 2 * vbo + skip • https://git.kernel.org/stable/c/b46acd6a6a627d876898e1c84d3f84902264b445 •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fs/ntfs3: use una matriz de longitud variable en lugar de un tamaño fijo. Debería corregirse la advertencia de coincidencia: error ntfs_set_label(): __builtin_memcpy() 'uni->name' demasiado pequeño (20 vs 256) • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e • CWE-129: Improper Validation of Array Index •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpu_core_irq_callback_handler() callback function pointer is compared to NULL, but then callback function is unconditionally called by this pointer. Fix this bug by adding conditional return. Found by Linux Verification Center (linuxtesting.org) with SVACE. Patchwork: https://patchwork.freedesktop.org/patch/588237/ In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/c929ac60b3ed34accd25a052a4833e418900f466 •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition is reversed that means the result of the subtraction is always negative but since it's unsigned then the result is a very high positive value. That means the overflow check is never true. • https://git.kernel.org/stable/c/9cb2173e6ea8f2948bd1367c93083a2500fcf08f •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->pdev is only assigned in: a6xx_gpu_init() |_ adreno_gpu_init |_ msm_gpu_init() Instead of relying on handwavy null checks down the cleanup chain, explicitly de-allocate the LLC data and free a6xx_gpu instead. Patchwork:... • https://git.kernel.org/stable/c/76efc2453d0e8e5d6692ef69981b183ad674edea •

CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA ... • https://git.kernel.org/stable/c/3233b978af23f11b4ad4f7f11a9a64bd05702b1f • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfc: nci: corrigió el valor uninit en nci_rx_work syzbot... • https://git.kernel.org/stable/c/11387b2effbb55f58dc2111ef4b4b896f2756240 •