Page 230 of 4672 results (0.013 seconds)

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix conn use after free during resets If we haven't done a unbind target call we can race where iscsi_conn_teardown wakes up the EH thread and then frees the conn while those threads are still accessing the conn ehwait. We can only do one TMF per session so this just moves the TMF fields from the conn to the session. We can then rely on the iscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session call to remove the target and it's devices, and know after that point there is no device or scsi-ml callout trying to access the session. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: iscsi: corrige el uso de la conexión después de liberarla durante los reinicios. Si no hemos realizado una llamada de destino de desvinculación, podemos correr donde iscsi_conn_teardown activa el subproceso EH y luego libera la conexión mientras esos Los hilos todavía están accediendo a la conexión ehwait. Solo podemos hacer un TMF por sesión, por lo que esto simplemente mueve los campos TMF de la conexión a la sesión. • https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11 https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00 https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250 https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1 https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9 https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506 •

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by calling pm_runtime_resume_and_get() instead of pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount balanced in case of failure. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/arm-smmu: corrige la fuga de refcount de arm_smmu_device cuando falla arm_smmu_rpm_get arm_smmu_rpm_get() invoca pm_runtime_get_sync(), lo que aumenta el refcount de "smmu" aunque el valor de retorno sea menor que 0. El problema del conteo de referencias ocurre en algunas rutas de manejo de errores de arm_smmu_rpm_get() en sus funciones de llamada. Cuando arm_smmu_rpm_get() falla, las funciones de la persona que llama se olvidan de disminuir el recuento de "smmu" aumentado en arm_smmu_rpm_get(), lo que provoca una fuga de recuento. • https://git.kernel.org/stable/c/3761ae0d0e549f2acdaf11f49df4ed06d256b20f https://git.kernel.org/stable/c/c4007596fbdabc29f858dc2e1990858a146b60b2 https://git.kernel.org/stable/c/fbf4daa6f4105e01fbd3868006f65c163365c1e3 https://git.kernel.org/stable/c/fe92c058199067ae90cf2a901ddf3c271893557a https://git.kernel.org/stable/c/1adf30f198c26539a62d761e45af72cde570413d • CWE-911: Improper Update of Reference Count •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling paths of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the function forgets to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by jumping to "out" label when those error scenarios occur. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iommu/arm-smmu: corrige la fuga de recuento de referencias de arm_smmu_device en la traducción de direcciones. El problema de recuento de referencias ocurre en varias rutas de manejo de excepciones de arm_smmu_iova_to_phys_hard(). Cuando ocurren esos escenarios de error, la función se olvida de disminuir el recuento de "smmu" aumentado en arm_smmu_rpm_get(), lo que provoca una fuga de recuento. • https://git.kernel.org/stable/c/b11220803ad14a2a880cc06d8e01fe2548cc85b0 https://git.kernel.org/stable/c/43d1aaa1965f9b58035196dac49b1e1e6c9c25eb https://git.kernel.org/stable/c/0f0c5ea09139777d90729d408b807021f2ea6492 https://git.kernel.org/stable/c/5f9741a9a91f25c89e04b408cd61e3ab050ce24b https://git.kernel.org/stable/c/7c8f176d6a3fa18aa0f8875da6f7c672ed2a8554 •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perro guardián: soluciona el posible use after free en wdt_startup(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/63a3dc24bd053792f84cb4eef0168b1266202a02 https://git.kernel.org/stable/c/862f2b5a7c38762ac9e369daefbf361a91aca685 https://git.kernel.org/stable/c/0ac50a76cf3cd63db000648b3b19f3f98b8aaa76 https://git.kernel.org/stable/c/dc9403097be52d57a5c9c35efa9be79d166a78af https://git.kernel.org/stable/c/146cc288fb80c662c9c35e7bc58325d1ac0a7875 https://git.kernel.org/stable/c/a397cb4576fc2fc802562418b3a50b8f67d60d31 https://git.kernel.org/stable/c/b4ebf4a4692e84163a69444c70ad515de06e2259 https://git.kernel.org/stable/c/8adbbe6c86bb13e14f8a19e036ae5f4f5 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: watchdog: sc520_wdt: corrige posible use after free en wdt_turnoff(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/0015581a79bbf8e521f85dddb7d3e4a66b9f51d4 https://git.kernel.org/stable/c/b4565a8a2d6bffb05bfbec11399d261ec16fe373 https://git.kernel.org/stable/c/2aef07017fae21c3d8acea9656b10e3b9c0f1e04 https://git.kernel.org/stable/c/522e75ed63f67e815d4ec0deace67df22d9ce78e https://git.kernel.org/stable/c/7c56c5508dc20a6b133bc669fc34327a6711c24c https://git.kernel.org/stable/c/a173e3b62cf6dd3c4a0a10c8a82eedfcae81a566 https://git.kernel.org/stable/c/b3c41ea5bc34d8c7b19e230d80e0e555c6f5057d https://git.kernel.org/stable/c/f0feab82f6a0323f54d85e8b512a2be64 • CWE-416: Use After Free •