Page 255 of 3364 results (0.014 seconds)

CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: no permitir conjuntos anónimos con indicador de tiempo de espera Los conjuntos anónimos nunca se usan con tiempo de espera del espacio de usuario, rechace esto. La excepción a esta regla es NFT_SET_EVAL para garantizar que los medidores heredados sigan funcionando. • https://git.kernel.org/stable/c/761da2935d6e18d178582dbdf315a3a458555505 https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9 https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351 https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199 https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12 https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94de • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: 2.5EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: no permite el tiempo de espera para conjuntos anónimos Nunca se usa desde el espacio de usuario, no permita estos parámetros. A vulnerability was found in netfilter/nf_tables componets of Linux Kernel allows an userspace to set timeouts for anonymous sets, which are not intended to be used this way. This could lead to unexpected behaviour or security issues. • https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268 https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323 https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024&# • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become: addr of zone0 = BASE addr of zone1 = BASE + zone_size addr of zone2 = BASE + zone_size*2 ... The address of zone1/3/5/7 will be mapped to non-alignment va. Eventually crashes will occur when accessing these va. So, use ALIGN_DOWN() to make sure the zone size is even to avoid this bug. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pstore/ram: soluciona el fallo al establecer el número de CPU en un número impar. Cuando el número de núcleos de CPU se ajusta a 7 u otros números impares, el tamaño de la zona se convertirá en un número impar. La dirección de la zona se convertirá en: dirección de zona0 = BASE dirección de zona1 = BASE + tamaño_zona dirección de zona2 = BASE + tamaño_zona*2 ... La dirección de zona1/3/5/7 se asignará a va no alineada . • https://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4 https://git.kernel.org/stable/c/e9f6ac50890104fdf8194f2865680689239d30fb https://git.kernel.org/stable/c/a63e48cd835c34c38ef671d344cc029b1ea5bf10 https://git.kernel.org/stable/c/2a37905d47bffec61e95d99f0c1cc5dc6377956c https://git.kernel.org/stable/c/75b0f71b26b3ad833c5c0670109c0af6e021e86a https://git.kernel.org/stable/c/0593cfd321df9001142a9d2c58d4144917dff7ee https://git.kernel.org/stable/c/cd40e43f870cf21726b22487a95ed223790b3542 https://git.kernel.org/stable/c/d49270a04623ce3c0afddbf3e984cb245 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "dev_search_path" can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into "full_path" since it was also PATH_MAX sized. The W=1 builds were reporting this warning: drivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra': drivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=] 616 | snprintf(full_path, PATH_MAX, "%s/%s", | ^~ In function 'rnbd_srv_get_full_path', inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096 616 | snprintf(full_path, PATH_MAX, "%s/%s", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 617 | dev_search_path, dev_name); | ~~~~~~~~~~~~~~~~~~~~~~~~~~ To fix this, unconditionally check for truncation (as was already done for the case where "%SESSNAME%" was present). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: block/rnbd-srv: Comprueba si hay un desbordamiento de cadena improbable. Dado que "dev_search_path" técnicamente puede ser tan grande como PATH_MAX, existía el riesgo de truncamiento al copiarlo y una segunda cadena en " full_path" ya que también tenía un tamaño PATH_MAX. Las compilaciones W=1 informaban esta advertencia: drivers/block/rnbd/rnbd-srv.c: En función 'process_msg_open.isra': drivers/block/rnbd/rnbd-srv.c:616:51: advertencia: '% La salida de la directiva s se puede truncar escribiendo hasta 254 bytes en una región de tamaño entre 0 y 4095 [-Wformat-truncation=] 616 | snprintf(full_path, PATH_MAX, "%s/%s", | ^~ En la función 'rnbd_srv_get_full_path', insertada desde 'process_msg_open.isra' en drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block /rnbd/rnbd-srv.c:616:17: nota: 'snprintf' genera entre 2 y 4351 bytes en un destino de tamaño 4096 616 | snprintf(full_path, PATH_MAX, "%s/%s", | ^~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 617 | dev_search_path, dev_name); | ~~~~~~~ ~~~~~~~~~~~~~~~~~~~ Para solucionar este problema, verifique incondicionalmente el truncamiento (como ya se hizo en el caso en el que "%SESSNAME%" estaba presente). • https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7 https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7 https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827 https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339 https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html •

CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove(). Otherwise the last ref would vanish with the trailing put_device(), just before return. At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer. Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). • https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355 https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8 https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3 https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693 https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66 https://lists.debian.org/debian-lts-announce/2024/06/ •