Page 239 of 2651 results (0.018 seconds)

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status with below command: echo mem > /sys/power/state There will be a deadlock issue occurring. Detailed invoking path as below: dwc3_suspend_common() spin_lock_irqsave(&dwc->lock, flags); <-- 1st dwc3_gadget_suspend(dwc); dwc3_gadget_soft_disconnect(dwc); spin_lock_irqsave(&dwc->lock, flags); <-- 2nd This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") that removes the code of checking whether dwc->gadget_driver is NULL or not. It causes the following code is executed and deadlock occurs when trying to get the spinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") that forgot to remove the lock of otg mode. So, remove the redundant lock of otg mode during gadget suspend/resume. • https://git.kernel.org/stable/c/2fa487a9466760a4fb6f147aed6219379dabfc2e https://git.kernel.org/stable/c/5265397f94424eaea596026fd34dc7acf474dcec https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63 https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649 https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276 https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136 •

CVSS: 5.7EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake. An unexpected file truncate flaw was found when opening files with specific parameters in the Linux kernel's file-system. This vulnerability allows a local user to corrupt specific files when having access to these files. • https://git.kernel.org/stable/c/3f6d078d4accfff8b114f968259a060bfdc7c682 https://git.kernel.org/stable/c/c329760749b5419769e57cb2be80955d2805f9c9 https://git.kernel.org/stable/c/f531d4bc6c5588d713359e42ed65e46816d841d8 https://git.kernel.org/stable/c/84bf6b64a1a0dfc6de7e1b1c776d58d608e7865a https://git.kernel.org/stable/c/dbb226d81cd02cee140139c2369791e6f61f2007 https://git.kernel.org/stable/c/5ae6af68410bdad6181ec82104bb9985a7a6a0fa https://git.kernel.org/stable/c/836359247b0403e0634bfbc83e5bb8063fad287a https://git.kernel.org/stable/c/930a4c369f74da26816eaaa71b5888d29 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller. • https://git.kernel.org/stable/c/8d5d88527587516bd58ff0f3810f07c38e65e2be https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4 https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4 https://access.redhat.com/security/cve/CVE-2024-42082 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid address access struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME in ib_create_cq(), while if the module exited but forgot del this rdma_restrack_entry, it would cause a invalid address access in rdma_restrack_clean() when print the owner of this rdma_restrack_entry. These code is used to help find one forgotten PD release in one of the ULPs. But it is not needed anymore, so delete them. • https://git.kernel.org/stable/c/8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5 https://git.kernel.org/stable/c/782bdaf9d01658281bc813f3f873e6258aa1fd8d https://git.kernel.org/stable/c/8ac281d42337f36cf7061cf1ea094181b84bc1a9 https://git.kernel.org/stable/c/f45b43d17240e9ca67ebf3cc82bb046b07cc1c61 https://git.kernel.org/stable/c/ca537a34775c103f7b14d7bbd976403f1d1525d8 •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush). • https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828 https://access.redhat.com/security/cve/CVE-2024-42079 https://bugzilla.redhat.com/show_bug.cgi?id=2300517 • CWE-476: NULL Pointer Dereference •