Page 246 of 4002 results (0.009 seconds)

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This error message can be reached several millions of times per second, causing spam to the kernel's printk buffer and bringing the CPU usage up to 100% (so, it should be rate limited). However, since there is at least one driver that is in the mainline and suffers from the error condition, it is more useful to err_printk() here instead of just rate limiting the error message (in hopes that it will make it easier for other drivers that suffer from this issue to be spotted). En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: dma-debug: evita que un mensaje de error cause problemas de tiempo de ejecución Para algunos controladores, que utilizan la API DMA. Este mensaje de error puede aparecer varios millones de veces por segundo, provocando spam en el búfer printk del kernel y elevando el uso de la CPU hasta el 100% (por lo tanto, debería tener una velocidad limitada). • https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a https://git.kernel.org/stable/c/510e1a724ab1bf38150be2c1acabb303f98d0047 •

CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fix potential VPE leak on error In its_vpe_irq_domain_alloc, when its_vpe_init() returns an error, there is an off-by-one in the number of VPEs to be freed. Fix it by simply passing the number of VPEs allocated, which is the index of the loop iterating over the VPEs. [maz: fixed commit message] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/gic-v3-its: soluciona una posible fuga de VPE en caso de error. En its_vpe_irq_domain_alloc, cuando its_vpe_init() devuelve un error, hay un error de uno en uno en el número de VPE. para ser liberado. Solucionelo simplemente pasando el número de VPE asignados, que es el índice del bucle que se itera sobre los VPE. [maz: mensaje de confirmación fijo] • https://git.kernel.org/stable/c/7d75bbb4bc1ad90386776459d37e4ddfe605671e https://git.kernel.org/stable/c/7d39992d45acd6f2d6b2f62389c55b61fb3d486b https://git.kernel.org/stable/c/5701e8bff314c155e7afdc467b1e0389d86853d0 https://git.kernel.org/stable/c/42d3711c23781045e7a5cd28536c774b9a66d20b https://git.kernel.org/stable/c/568662e37f927e3dc3e475f3ff7cf4ab7719c5e7 https://git.kernel.org/stable/c/e0c1c2e5da19685a20557a50f10c6aa4fa26aa84 https://git.kernel.org/stable/c/280bef512933b2dda01d681d8cbe499b98fc5bdd https://access.redhat.com/security/cve/CVE-2021-47373 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use after free on rmmod plat_dev->dev->platform_data is released by platform_device_unregister(), use of pclk and hclk is a use-after-free. Since device unregister won't need a clk device we adjust the function call sequence to fix this issue. [ 31.261225] BUG: KASAN: use-after-free in macb_remove+0x77/0xc6 [macb_pci] [ 31.275563] Freed by task 306: [ 30.276782] platform_device_release+0x25/0x80 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: macb: corrige el use after free en rmmod plat_dev->dev->platform_data es publicado por platform_device_unregister(), el uso de pclk y hclk es un use after free. Dado que la cancelación del registro del dispositivo no necesitará un dispositivo clk, ajustamos la secuencia de llamada a la función para solucionar este problema. [31.261225] ERROR: KASAN: use after free en macb_remove+0x77/0xc6 [macb_pci] [31.275563] Liberado por la tarea 306: [30.276782] platform_device_release+0x25/0x80 • https://git.kernel.org/stable/c/a7d521cc726f30b8e679a6f36d04b18a8ab3c536 https://git.kernel.org/stable/c/46670fb832ee80943715df618632ca13c2e96f2b https://git.kernel.org/stable/c/1da750d1e2140ef43d64d17f301ff6f41b45541e https://git.kernel.org/stable/c/7721221e87d25c9840d9ca6b986dbdc410d5ce2b https://git.kernel.org/stable/c/4ad6f2d23b0f6ac0d3e5f3102a4256d1c86c90f5 https://git.kernel.org/stable/c/d82d5303c4c539db86588ffb5dc5b26c3f1513e8 •

CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_t parameter in the irq descriptor, and that reference can be accessed later from irq_affinity_hint_proc_show(). Since the cpu_mask parameter passed to irq_set_affinity_hit() has only temporary storage (it's on the stack memory), later accesses to it are illegal. Thus reads from the corresponding procfs affinity_hint file can result in paging request oops. The issue is fixed by the get_cpu_mask() helper, which provides a permanent storage for the cpumask_t parameter. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: enetc: corrige el acceso ilegal al leer affinity_hint irq_set_affinity_hit() almacena una referencia al parámetro cpumask_t en el descriptor irq, y se puede acceder a esa referencia más tarde desde irq_affinity_hint_proc_show(). Dado que el parámetro cpu_mask pasado a irq_set_affinity_hit() solo tiene almacenamiento temporal (está en la memoria de la pila), los accesos posteriores a él son ilegales. • https://git.kernel.org/stable/c/d4fd0404c1c95b17880f254ebfee3485693fa8ba https://git.kernel.org/stable/c/4c4c3052911b577920353a7646e4883d5da40c28 https://git.kernel.org/stable/c/6c3f1b741c6c2914ea120e3a5790d3e900152f7b https://git.kernel.org/stable/c/6f329d9da2a5ae032fcde800a99b118124ed5270 https://git.kernel.org/stable/c/7237a494decfa17d0b9d0076e6cee3235719de90 • CWE-400: Uncontrolled Resource Consumption •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value. This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values. Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values. This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that. Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values. This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing "git status" on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index This can be observed in the server's FileLog with something like the following appearing: Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001 Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001 Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154 Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866 ... Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5 Note the file position of 18446744071815340032. This is the requested file position sign-extended. • https://git.kernel.org/stable/c/b9b1f8d5930a813879278d0cbfc8c658d6a038dc https://git.kernel.org/stable/c/e66fc460d6dcf85cf12288e133a081205aebcd97 https://git.kernel.org/stable/c/b537a3c21775075395af475dcc6ef212fcf29db8 •