Page 286 of 2610 results (0.012 seconds)

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Subject: [PATCH] drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() If some the pages or sgt allocation failed, we shouldn't release the pages ref we got earlier, otherwise we will end up with unbalanced get/put_pages() calls. We should instead leave everything in place and let the BO release function deal with extra cleanup when the object is destroyed, or let the fault handler try again next time it's called. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/panfrost: corrige la ruta de error en panfrost_mmu_map_fault_addr() Asunto: [PATCH] drm/panfrost: corrige la ruta de error en panfrost_mmu_map_fault_addr() Si algunas páginas o la asignación de sgt fallaron, No deberíamos publicar la referencia de páginas que obtuvimos anteriormente, de lo contrario terminaremos con llamadas get/put_pages() desequilibradas. En su lugar, deberíamos dejar todo en su lugar y dejar que la función de liberación de BO se encargue de una limpieza adicional cuando se destruya el objeto, o dejar que el controlador de fallos lo intente nuevamente la próxima vez que se llame. • https://git.kernel.org/stable/c/187d2929206e6b098312c174ea873e4cedf5420d https://git.kernel.org/stable/c/31806711e8a4b75e09b1c43652f2a6420e6e1002 https://git.kernel.org/stable/c/e18070c622c63f0cab170348e320454728c277aa https://git.kernel.org/stable/c/1fc9af813b25e146d3607669247d0f970f5a87c3 http://www.openwall.com/lists/oss-security/2024/05/30/1 http://www.openwall.com/lists/oss-security/2024/05/30/2 •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend modes[] the same protection or by the time we use it the elements may already be pointing to freed/reused memory. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/client: Protege completamente los modos[] con dev->mode_config.mutex. La matriz modes[] contiene punteros a los modos en las listas de modos de los conectores, que están protegidos por dev- >mode_config.mutex. Por lo tanto, necesitamos extender modes[] la misma protección o, cuando la usemos, es posible que los elementos ya estén apuntando a la memoria liberada/reutilizada. • https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e https://git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0 https://git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949 https://git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055 https://git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984 https://git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764 https://git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea https://lists.debian.org/debian-lts-announce/2024/06/ •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on the header flags. This leaves a gap in our checking, because we could end up with corruption on disk where WRITTEN isn't set on the leaf, and then the extended leaf checks don't get run which we rely on to validate all of the item pointers to make sure we don't access memory outside of the extent buffer. However, since 732fab95abe2 ("btrfs: check-integrity: remove CONFIG_BTRFS_FS_CHECK_INTEGRITY option") we no longer call btrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only ever call it on blocks that are being written out, and thus have WRITTEN set, or that are being read in, which should have WRITTEN set. Add checks to make sure we have WRITTEN set appropriately, and then make sure __btrfs_check_leaf() always does the item checking. This will protect us from file systems that have been corrupted and no longer have WRITTEN set on some of the blocks. This was hit on a crafted image tweaking the WRITTEN bit and reported by KASAN as out-of-bound access in the eb accessors. The example is a dir item at the end of an eb. [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2 [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f] [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1 [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0 [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206 [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0 [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748 [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9 [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8 [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000 [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0 [2.621] Call Trace: [2.621] <TASK> [2.621] ? show_regs+0x74/0x80 [2.621] ? die_addr+0x46/0xc0 [2.621] ? • https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534 •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low priority, since the whole superblock is checksummed, validated prior to write, and we have backups. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bcachefs: comprueba si hay entradas de diario que sobrepasen el final de la sección de limpieza de sb. Corrige una comprobación de límites faltantes en la validación de superbloque. Tenga en cuenta que todavía no tenemos un código de reparación para este caso; el código de reparación para elementos individuales generalmente tiene una prioridad baja, ya que todo el superbloque se suma, se valida antes de escribir y tenemos copias de seguridad. • https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dyndbg: corrige el antiguo BUG_ON en &gt;control parser. Corrige un BUG_ON de 2009. Incluso si parece "unreachable" (realmente no lo miré), asegurémonos eliminándolo. haciendo pr_err y devuelve -EINVAL en su lugar. • https://git.kernel.org/stable/c/3c718bddddca9cbef177ac475b94c5c91147fb38 https://git.kernel.org/stable/c/343081c21e56bd6690d342e2f5ae8c00183bf081 https://git.kernel.org/stable/c/41d8ac238ab1cab01a8c71798d61903304f4e79b https://git.kernel.org/stable/c/ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561 https://git.kernel.org/stable/c/a66c869b17c4c4dcf81d273b02cb0efe88e127ab https://git.kernel.org/stable/c/a69e1bdd777ce51061111dc419801e8a2fd241cc https://git.kernel.org/stable/c/529e1852785599160415e964ca322ee7add7aef0 https://git.kernel.org/stable/c/00e7d3bea2ce7dac7bee1cf501fb071fd •