Page 249 of 3586 results (0.014 seconds)

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Use the correct type instead here. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi/capsule-loader: corrige el tamaño de asignación incorrecto gcc-14 advierte que la asignación con sizeof(void) en arquitecturas de 32 bits no es suficiente para phys_addr_t: drivers de 64 bits /firmware/efi/capsule-loader.c: En función 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: asignación de tamaño '4' insuficiente para el tipo 'phys_addr_t' {alias ' long long unsigned int'} con tamaño '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Utilice el tipo correcto aquí. • https://git.kernel.org/stable/c/f24c4d478013d82bd1b943df566fff3561d52864 https://git.kernel.org/stable/c/95a362c9a6892085f714eb6e31eea6a0e3aa93bf https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64 https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050 https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66df •

CVSS: -EPSS: 0%CPEs: 10EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client->irq will be 0. bq27xxx_battery_i2c_probe() already has an if (client->irq) check wrapping the request_threaded_irq(). But bq27xxx_battery_i2c_remove() unconditionally calls free_irq(client->irq) leading to: [ 190.310742] ------------[ cut here ]------------ [ 190.310843] Trying to free already-free IRQ 0 [ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310 Followed by a backtrace when unbinding the driver. Add an if (client->irq) to bq27xxx_battery_i2c_remove() mirroring probe() to fix this. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: alimentación: suministro: bq27xxx-i2c: no liberar IRQ no existente Es posible que el cliente bq27xxx i2c no tenga una IRQ, en cuyo caso client->irq será 0. bq27xxx_battery_i2c_probe( ) ya tiene una verificación if (cliente->irq) que envuelve request_threaded_irq(). Pero bq27xxx_battery_i2c_remove() llama incondicionalmente a free_irq(cliente->irq) lo que lleva a: [190.310742] ------------[ cortar aquí ]------------ [ 190.310843] Intentando liberar IRQ 0 [190.310861] que ya está libre ADVERTENCIA: CPU: 2 PID: 1304 en kernel/irq/manage.c:1893 free_irq+0x1b8/0x310 Seguido de un seguimiento al desvincular el controlador. Agregue un if (cliente->irq) a bq27xxx_battery_i2c_remove() mirroring probe() para solucionar este problema. • https://git.kernel.org/stable/c/76d2ed844def0cb8704d766924b07b2a918b3e30 https://git.kernel.org/stable/c/dafe9136be7b7fc30f1f3ca410c15b7cc65bee44 https://git.kernel.org/stable/c/1da9a4b55a6688e3a30c16d0cf2e7c6a90a684fb https://git.kernel.org/stable/c/e01820a94aea99296e500f54b3f36a2985061045 https://git.kernel.org/stable/c/e65fee45687fa2109e03056a696dc7d68a151296 https://git.kernel.org/stable/c/444ff00734f3878cd54ddd1ed5e2e6dbea9326d5 https://git.kernel.org/stable/c/ca4a2ddd2e69ca82ca5992d4c49649b2cbac3b74 https://git.kernel.org/stable/c/28960625adaaf3fa3d83c8d3596661d25 •

CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Se corrigió la verificación de desbordamiento en mi_enum_attr() • https://git.kernel.org/stable/c/8c77398c72618101d66480b94b34fe9087ee3d08 https://git.kernel.org/stable/c/1c0a95d99b1b2b5d842e5abc7ef7eed1193b60d7 https://git.kernel.org/stable/c/652cfeb43d6b9aba5c7c4902bed7a7340df131fb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a proper NTB. When the NTB is parsed, unwrap call looks for any leftover bytes in SKB provided by u_ether and if there are any pending bytes, it treats them as a separate NTB and parses it. But in case the second NTB (as per unwrap call) is faulty/corrupt, all the datagrams that were parsed properly in the first NTB and saved in rx_list are dropped. Adding a few custom traces showed the following: [002] d..1 7828.532866: dwc3_gadget_giveback: ep1out: req 000000003868811a length 1025/16384 zsI ==> 0 [002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025 [002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10 [002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames In this case, the giveback is of 1025 bytes and block length is 1024. The rest 1 byte (which is 0x00) won't be parsed resulting in drop of all datagrams in rx_list. Same is case with packets of size 2048: [002] d..1 7828.557948: dwc3_gadget_giveback: ep1out: req 0000000011dfd96e length 2049/16384 zsI ==> 0 [002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342 [002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800 Lecroy shows one byte coming in extra confirming that the byte is coming in from PC: Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590) - Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590) --- Packet 4063861 Data(1024 bytes) Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590) --- Packet 4063863 Data(1 byte) Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722) According to Windows driver, no ZLP is needed if wBlockLength is non-zero, because the non-zero wBlockLength has already told the function side the size of transfer to be expected. However, there are in-market NCM devices that rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize. To deal with such devices, it pads an extra 0 at end so the transfer is no longer multiple of wMaxPacketSize. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: ncm: Evite soltar datagramas de NTB analizados correctamente. • https://git.kernel.org/stable/c/9f6ce4240a2bf456402c15c06768059e5973f28c https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48 https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151 https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5 https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce8440 • CWE-476: NULL Pointer Dereference •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty() use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skb_peek() unexpectedly returning NULL or a pointer to an already dequeued socket buffer. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phonet/pep: corrige el uso picante de skb_queue_empty() Las colas de recepción están protegidas por sus respectivos spin-lock, no por el socket lock. Esto podría provocar que skb_peek() devuelva inesperadamente NULL o un puntero a un búfer de socket ya retirado de la cola. • https://git.kernel.org/stable/c/9641458d3ec42def729fde64669abf07f3220cd5 https://git.kernel.org/stable/c/9d5523e065b568e79dfaa2ea1085a5bcf74baf78 https://git.kernel.org/stable/c/0a9f558c72c47472c38c05fcb72c70abb9104277 https://git.kernel.org/stable/c/8ef4fcc7014b9f93619851d6b78d6cc2789a4c88 https://git.kernel.org/stable/c/7d2a894d7f487dcb894df023e9d3014cf5b93fe5 •