Page 22 of 1108 results (0.008 seconds)

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stmmac_tso_xmit(). The buf (dma cookie) and len stored in this structure are passed to dma_unmap_single() by stmmac_tx_clean(). The DMA API requires that the dma cookie passed to dma_unmap_single() is the same as the value returned from ... • https://git.kernel.org/stable/c/07c9c26e37542486e34d767505e842f48f29c3f6 •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before shedule link down work, and put the reference after work executed or canceled. The relevant crash call stack as follows: list_del corruption. prev->next should be ffffb638c9c0fe20, but was 0000000000000000 ------------[ cut here ]-------... • https://git.kernel.org/stable/c/541afa10c126b6c22c2a805a559c70cc41fd156e •

CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic() Packets injected by the CPU should have a SRC_PORT field equal to the CPU port module index in the Analyzer block (ocelot->num_phys_ports). The blamed commit copied the ocelot_ifh_set_basic() call incorrectly from ocelot_xmit_common() in net/dsa/tag_ocelot.c. Instead of calling with "x", it calls with BIT_ULL(x), but the field is not a port mask, but rather a sing... • https://git.kernel.org/stable/c/06bcb9032e05ad717f9fd0a6e2fd3ae7f430fa31 •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. • https://git.kernel.org/stable/c/82c93a87bf8bc0cdb5ec2ab99da7d87715ff889f •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier. Fix this by calling ionic_lif_unregister() on register_netdev() failure. This will also call ionic_lif_unregister_phc() if it has already been registered. In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks th... • https://git.kernel.org/stable/c/30b87ab4c0b30e0f681cb7dfaab6c642dd17e454 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ionic: no double destroy workqueue There are some FW error handling paths that can cause us to try to destroy the workqueue more than once, so let's be sure we're checking for that. The case where this popped up was in an AER event where the handlers got called in such a way that ionic_reset_prepare() and thus ionic_dev_teardown() got called twice in a row. The second time through the workqueue was already destroyed, and destroy_workqueue()... • https://git.kernel.org/stable/c/9e25450da7006cd6f425248a5b38dad4adb3c981 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: fix nsim_pp_hold_write() nsim_pp_hold_write() has two problems: 1) It may return with rtnl held, as found by syzbot. 2) Its return value does not propagate an error if any. • https://git.kernel.org/stable/c/1580cbcbfe770b0a7fb76735c1a601483335c1c2 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last export_udmabuf() error path In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a dma_buf owning the udmabuf has already been created; but the error handling in udmabuf_create() will tear down the udmabuf without doing anything about the containing dma_buf. This leaves a dma_buf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memory l... • https://git.kernel.org/stable/c/fbb0de795078190a9834b3409e4b009cfb18a6d4 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference drm_mode_duplicate() could return NULL due to lack of memory, which will then call NULL pointer dereference. Add a check to prevent it. In the Linux kernel, the following vulnerability has been resolved: drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference drm_mode_duplicate() could return NULL due to lack of memory, which will then call NULL poin... • https://git.kernel.org/stable/c/0ef94554dc40fbdb7e57ff90cd1e7fa71e1e89fd •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leaked and pages remain pinned if ceph_alloc_sparse_ext_map() fails. There is no need to delay the allocation of sparse_ext map until after the bvecs array is set up, so fix this by moving sparse_ext allocation a bit earlier. Also, make a similar adjustment in __ceph_sync_read() for consistency (a leak of the same kind in __ceph... • https://git.kernel.org/stable/c/03bc06c7b0bd8d86b9f17f459acaeb1283ba2700 •