Page 259 of 5757 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix, perform the final bitwise and-op unconditionally into AX from the off_reg, then move the pointer from the src to dst and finally use AX as the source for the original pointer arithmetic operation such that the inve... • https://git.kernel.org/stable/c/ae03b6b1c880a03d4771257336dc3bca156dd51b •

CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the associated sk and freeing the skb. As such the dereference of skb and the increment of the sk refcount must happen before the skb is queued, to avoid the skb to be used after free and potentially the sk to drop it... • https://git.kernel.org/stable/c/6e728f321393b1fce9e1c2c3e55f9f7c15991321 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix leaked dentry Since commit 6815f479ca90 ("ovl: use only uppermetacopy state in ovl_lookup()"), overlayfs doesn't put temporary dentry when there is a metacopy error, which leads to dentry leaks when shutting down the related superblock: overlayfs: refusing to follow metacopy origin for (/file0) ... BUG: Dentry (____ptrval____){i=3f33,n=file3} still in use (1) [unmount of overlay overlay] ... WARNING: CPU: 1 PID: 432 at umount_check... • https://git.kernel.org/stable/c/6815f479ca90ee7fd2e28b2a420f796b974155fe • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional security_locked_down() call Currently, the lockdown state is queried unconditionally, even though its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in attr.sample_type. While that doesn't matter in case of the Lockdown LSM, it causes trouble with the SELinux's lockdown hook implementation. SELinux implements the locked_down hook with a check whether the current task's type has the corresponding "lo... • https://git.kernel.org/stable/c/b0c8fdc7fdb77586c3d1937050925b960743306e •

CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix zcard and zqueue hot-unplug memleak Tests with kvm and a kmemdebug kernel showed, that on hot unplug the zcard and zqueue structs for the unplugged card or queue are not properly freed because of a mismatch with get/put for the embedded kref counter. This fix now adjusts the handling of the kref counters. With init the kref counter starts with 1. This initial value needs to drop to zero with the unregister of the card or qu... • https://git.kernel.org/stable/c/29c2680fd2bf3862ff5cf2957f198512493156f9 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix vm_flags for virtqueue doorbell mapping The virtqueue doorbell is usually implemented via registeres but we don't provide the necessary vma->flags like VM_PFNMAP. This may cause several issues e.g when userspace tries to map the doorbell via vhost IOTLB, kernel may panic due to the page is not backed by page structure. This patch fixes this by setting the necessary vm_flags. With this patch, try to map doorbell via IOTLB wil... • https://git.kernel.org/stable/c/ddd89d0a059d8e9740c75a97e0efe9bf07ee51f9 •

CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function. En el kernel de Linux... • https://git.kernel.org/stable/c/4bda2b79a9d04c8ba31681c66e95877dbb433416 •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mtd: physmap: physmap-bt1-rom: Fix unintentional stack access Cast &data to (char *) in order to avoid unintentionally accessing the stack. Notice that data is of type u32, so any increment to &data will be in the order of 4-byte chunks, and this piece of code is actually intended to be a byte offset. Addresses-Coverity-ID: 1497765 ("Out-of-bounds access") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: physmap: phys... • https://git.kernel.org/stable/c/b3e79e7682e075326df8041b826b03453acacd0a •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0 Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free. En el kernel de Linux, se ha resuelto la si... • https://git.kernel.org/stable/c/64a8c5018a4b21b04a756a56c495ef47c14e92d9 •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: Fix a resource leak in the remove function A 'tmio_mmc_host_free()' call is missing in the remove function, in order to balance a 'tmio_mmc_host_alloc()' call in the probe. This is done in the error handling path of the probe, but not in the remove function. Add the missing call. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: uniphier-sd: corrige una fuga de recursos en la función de eliminación Fa... • https://git.kernel.org/stable/c/3fd784f745dd1747863775a99ec749619ee6759c •