Page 22 of 5581 results (0.015 seconds)

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: considerar el carácter NULL al validar la longitud del evento strlen() devuelve una longitud de cadena que excluye el byte nulo. Si la longitud de la cadena es igual a la longitud máxima del búfer, el búfer no tendrá espacio para el carácter de terminación NULL. Esta confirmación verifica esta condición y devuelve un error. • https://git.kernel.org/stable/c/dec65d79fd269d05427c8167090bfc9c3d0b56c4 https://git.kernel.org/stable/c/5e3231b352725ff4a3a0095e6035af674f2d8725 https://git.kernel.org/stable/c/02874ca52df2ca2423ba6122039315ed61c25972 https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642 https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29 https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7 https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update 'admin' immediately before an attempt to schedule freeing. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: arreglado use-after-free en taprio_change(). En 'taprio_change()', el puntero 'admin' puede quedar colgando debido al cambio/eliminación de sched causado por 'advance_sched()', y la sección crítica protegida por 'q->current_entry_lock' es demasiado pequeña para evitar tal escenario (que causa el use-after-free detectado por KASAN). Solucione esto al preferir 'rcu_replace_pointer()' sobre 'rcu_assign_pointer()' para actualizar 'admin' inmediatamente antes de un intento de liberación de programación. • https://git.kernel.org/stable/c/a3d43c0d56f1b94e74963a2fbadfb70126d92213 https://git.kernel.org/stable/c/2f868ce6013548a713c431c679ef73747a66fcf3 https://git.kernel.org/stable/c/8a283a19026aaae8a773fd8061263cfa315b127f https://git.kernel.org/stable/c/999612996df28d81f163dad530d7f8026e03aec6 https://git.kernel.org/stable/c/fe371f084073e8672a2d7d46b335c3c060d1e301 https://git.kernel.org/stable/c/0d4c0d2844e4eac3aed647f948fd7e60eea56a61 https://git.kernel.org/stable/c/2240f9376f20f8b6463232b4ca7292569217237f https://git.kernel.org/stable/c/f504465970aebb2467da548f7c1efbbf3 •

CVSS: -EPSS: 0%CPEs: 10EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: SCO: Se corrige que UAF en sco_sock_timeout conn->sk pueda haberse desvinculado/liberado mientras se esperaba sco_conn_lock, por lo que esto verifica si conn->sk aún es válido verificando si es parte de sco_sk_list. • https://git.kernel.org/stable/c/ba316be1b6a00db7126ed9a39f9bee434a508043 https://git.kernel.org/stable/c/fea63ccd928c01573306983346588b26cffb5572 https://git.kernel.org/stable/c/48669c81a65628ef234cbdd91b9395952c7c27fe https://git.kernel.org/stable/c/37d7ae2b0578f2373674a755402ee722e96edc08 https://git.kernel.org/stable/c/a1073aad497d0d071a71f61b721966a176d50c08 https://git.kernel.org/stable/c/ec1f74319bb35c1c90c25014ec0f6ea6c3ca2134 https://git.kernel.org/stable/c/b657bba82ff6a007d84fd076bd73b11131726a2b https://git.kernel.org/stable/c/9ddda5d967e84796e7df1b54a55f36b4b •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will release all resources related to the hashed `nfs4_client`. If the `nfsd_client_shrinker` is running concurrently, the `expire_client` function will first unhash this client and then destroy it. This can lead to the following warning. Additionally, numerous use-after-free errors may occur as well. nfsd_client_shrinker echo 0 > /proc/fs/nfsd/threads expire_client nfsd_shutdown_net unhash_client ... nfs4_state_shutdown_net /* won't wait shrinker exit */ /* cancel_work(&nn->nfsd_shrinker_work) * nfsd_file for this /* won't destroy unhashed client1 */ * client1 still alive nfs4_state_destroy_net */ nfsd_file_cache_shutdown /* trigger warning */ kmem_cache_destroy(nfsd_file_slab) kmem_cache_destroy(nfsd_file_mark_slab) /* release nfsd_file and mark */ __destroy_client ==================================================================== BUG nfsd_file (Not tainted): Objects remaining in nfsd_file on __kmem_cache_shutdown() -------------------------------------------------------------------- CPU: 4 UID: 0 PID: 764 Comm: sh Not tainted 6.12.0-rc3+ #1 dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xac/0x210 [nfsd] nfsd_destroy_serv+0x251/0x2a0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e ==================================================================== BUG nfsd_file_mark (Tainted: G B W ): Objects remaining nfsd_file_mark on __kmem_cache_shutdown() -------------------------------------------------------------------- dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xc8/0x210 [nfsd] nfsd_destroy_serv+0x251/0x2a0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e To resolve this issue, cancel `nfsd_shrinker_work` using synchronous mode in nfs4_state_shutdown_net. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: cancelar nfsd_shrinker_work usando el modo de sincronización en nfs4_state_shutdown_net. • https://git.kernel.org/stable/c/7c24fa225081f31bc6da6a355c1ba801889ab29a https://git.kernel.org/stable/c/2bbf10861d51dae76c6da7113516d0071c782653 https://git.kernel.org/stable/c/958294a3eb82026fcfff20b0287a90e9c854785e https://git.kernel.org/stable/c/f3ea5ec83d1a827f074b2b660749817e0bf2b23e https://git.kernel.org/stable/c/f965dc0f099a54fca100acf6909abe52d0c85328 https://git.kernel.org/stable/c/add1df5eba163a3a6ece11cb85890e2e410baaea https://git.kernel.org/stable/c/d5ff2fb2e7167e9483846e34148e60c0c016a1f6 •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1)) ? • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025 https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38 https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3 https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea76076 •