Page 273 of 2460 results (0.007 seconds)

CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command interface and trigger all completions manually. Kernel log: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_saturate+0xd8/0xe0 ... Call Trace: <IRQ> ? __warn+0x79/0x120 ? refcount_warn_saturate+0xd8/0xe0 ? report_bug+0x17c/0x190 ? • https://git.kernel.org/stable/c/27c79b3a9212cf4ba634c157e07d29548181a208 https://git.kernel.org/stable/c/51d138c2610a236c1ed0059d034ee4c74f452b86 https://git.kernel.org/stable/c/2e5d24b3bf091802c5456dc8f8f6a6be4493c8ca https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3 https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0 https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396 https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c326 • CWE-416: Use After Free •

CVSS: -EPSS: 0%CPEs: 10EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of net_device There is a reference count leak issue of the object "net_device" in ax25_dev_device_down(). When the ax25 device is shutting down, the ax25_dev_device_down() drops the reference count of net_device one or zero times depending on if we goto unlock_put or not, which will cause memory leak. In order to solve the above issue, decrease the reference count of net_device after dev->ax25_ptr is set to null. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: Solucionar el problema de fuga del recuento de referencias de net_device Hay un problema de fuga del recuento de referencias del objeto "net_device" en ax25_dev_device_down(). Cuando el dispositivo ax25 se está apagando, ax25_dev_device_down() elimina el recuento de referencia de net_device una o cero veces dependiendo de si vamos a unlock_put o no, lo que provocará una pérdida de memoria. Para resolver el problema anterior, reduzca el recuento de referencias de net_device después de que dev-&gt;ax25_ptr se establezca en nulo. • https://git.kernel.org/stable/c/d01ffb9eee4af165d83b08dd73ebdf9fe94a519b https://git.kernel.org/stable/c/ef0a2a0565727a48f2e36a2c461f8b1e3a61922d https://git.kernel.org/stable/c/e2b558fe507a1ed4c43db2b0057fc6e41f20a14c https://git.kernel.org/stable/c/418993bbaafb0cd48f904ba68eeda052d624c821 https://git.kernel.org/stable/c/5ea00fc60676c0eebfa8560ec461209d638bca9d https://git.kernel.org/stable/c/9af0fd5c4453a44c692be0cbb3724859b75d739b https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af694 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid deadlocks"). The root cause of the issue is that netpoll is in atomic context and disable_irq() is called by .ndo_poll_controller interface of sungem driver, however, disable_irq() might sleep. After analyzing the implementation of fec_poll_controller(), the fec driver should have the same issue. Due to the fec driver uses NAPI for TX completions, the .ndo_poll_controller is unnecessary to be implemented in the fec driver, so fec_poll_controller() can be safely removed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fec: elimine .ndo_poll_controller para evitar interbloqueos. • https://git.kernel.org/stable/c/7f5c6addcdc039c1a7c435857e6284ecac5d97c8 https://git.kernel.org/stable/c/e2348d8c61d03feece1de4c05f72e6e99f74c650 https://git.kernel.org/stable/c/d38625f71950e79e254515c5fc585552dad4b33e https://git.kernel.org/stable/c/accdd6b912c4219b8e056d1f1ad2e85bc66ee243 https://git.kernel.org/stable/c/87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f https://git.kernel.org/stable/c/c2e0c58b25a0a0c37ec643255558c5af4450c9f5 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, an error message is logged and the function returns false to indicate an error. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrige un posible índice fuera de los límites en la función de transformación de color. • https://git.kernel.org/stable/c/b629596072e5fa901c84f9e88d845a696ee32942 https://git.kernel.org/stable/c/604c506ca43fce52bb882cff9c1fdf2ec3b4029c https://git.kernel.org/stable/c/e280ab978c81443103d7c61bdd1d8d708cf6ed6d https://git.kernel.org/stable/c/04bc4d1090c343025d69149ca669a27c5b9c34a7 https://git.kernel.org/stable/c/ced9c4e2289a786b8fa684d8893b7045ea53ef7e https://git.kernel.org/stable/c/98b8a6bfd30d07a19cfacdf82b50f84bf3360869 https://git.kernel.org/stable/c/4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86 https://git.kernel.org/stable/c/123edbae64f4d21984359b99c6e79fcde •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is present and used on a board to assign the correct parameters and this is done by checking the codec DAI names at probe time. If no real codec is present, assign the dummy codec to the DAI link to avoid NULL pointer during string comparison. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: Asignar dummy cuando el códec no está especificado para un enlace DAI Los controladores de la tarjeta de sonido MediaTek están comprobando si hay un enlace DAI presente y utilizado en una placa para asignar los parámetros correctos y esto se realiza comprobando los nombres DAI del códec en el momento de la sonda. Si no hay ningún códec real, asigne el códec ficticio al enlace DAI para evitar el puntero NULL durante la comparación de cadenas. • https://git.kernel.org/stable/c/4302187d955f166c03b4fa7c993b89ffbabfca4e https://git.kernel.org/stable/c/87b8dca6e06f9b1681bc52bf7bfa85c663a11158 https://git.kernel.org/stable/c/cbbcabc7f0979f6542372cf88d7a9da7143a4226 https://git.kernel.org/stable/c/0c052b1c11d8119f3048b1f7b3c39a90500cacf9 https://git.kernel.org/stable/c/5f39231888c63f0a7708abc86b51b847476379d8 •