Page 288 of 3167 results (0.014 seconds)

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes too small and write_tag_66_packet() will write up to 3 bytes past the end of the buffer. Fix this by increasing the size of the allocation so the whole packet will always fit in the buffer. This fixes the below kasan slab-out-of-bounds bug: BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0 Write of size 1 at addr ffff88800afbb2a5 by task touch/181 CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x4c/0x70 print_report+0xc5/0x610 ? ecryptfs_generate_key_packet_set+0x7d6/0xde0 ? kasan_complete_mode_report_info+0x44/0x210 ? ecryptfs_generate_key_packet_set+0x7d6/0xde0 kasan_report+0xc2/0x110 ? • https://git.kernel.org/stable/c/dddfa461fc8951f9b5f951c13565b6cac678635a https://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1 https://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df https://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1 https://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93 https://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c https://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910 https://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894 •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcu-tasks: Corrige show_rcu_tasks_trace_gp_kthread desbordamiento del búfer. Existe la posibilidad de que se produzca un desbordamiento del búfer en show_rcu_tasks_trace_gp_kthread() si los contadores pasados a sprintf() son enormes. Los números de contador necesarios para esto son excesivamente altos, pero aún es posible un desbordamiento del búfer. • https://git.kernel.org/stable/c/edf3775f0ad66879796f594983163f672c4bf1a2 https://git.kernel.org/stable/c/17c43211d45f13d1badea3942b76bf16bcc49281 https://git.kernel.org/stable/c/af7b560c88fb420099e29890aa682b8a3efc8784 https://git.kernel.org/stable/c/08186d0c5fb64a1cc4b43e009314ee6b173ed222 https://git.kernel.org/stable/c/32d988f48ed287e676a29a15ac30701c35849aec https://git.kernel.org/stable/c/6593d857ce5b5b802fb73d8091ac9c84b92c1697 https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7 https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d09273 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow. Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code. This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rcu: corrige el desbordamiento del búfer en print_cpu_stall_info() La salida rcuc-starvation de print_cpu_stall_info() podría desbordar el búfer si hay una gran diferencia en santiamén. La situación puede parecer improbable, pero las computadoras a veces se confunden mucho con el tiempo, lo que puede resultar en números enteros de tamaño completo y, en este caso, en un desbordamiento del búfer. • https://git.kernel.org/stable/c/245a62982502255314b63dd2c4daaedd1cd595a6 https://git.kernel.org/stable/c/e2228ed3fe7aa838fba87c79a76fb1ad9ea47138 https://git.kernel.org/stable/c/afb39909bfb5c08111f99e21bf5be7505f59ff1c https://git.kernel.org/stable/c/9351e1338539cb7f319ffc1210fa9b2aa27384b5 https://git.kernel.org/stable/c/4c3e2ef4d8ddd313c8ce3ac30505940bea8d6257 https://git.kernel.org/stable/c/3758f7d9917bd7ef0482c4184c0ad673b4c4e069 • CWE-121: Stack-based Buffer Overflow •

CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the physical memory has run out. As a result, if we use get_random_bytes() to generate random bytes in the randbuf, the null pointer dereference bug will happen. In order to prevent allocation failure, this patch adds a separate function using buffer on kernel stack to generate random bytes in the randbuf, which could prevent the kernel stack from overflow. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcmfmac: pcie: manejar fallo de asignación de randbuf El kzalloc() en brcmf_pcie_download_fw_nvram() devolverá nulo si la memoria física se ha agotado. Como resultado, si usamos get_random_bytes() para generar bytes aleatorios en randbuf, se producirá el error de desreferencia del puntero nulo. Para evitar fallas en la asignación, este parche agrega una función separada que utiliza el búfer en la pila del kernel para generar bytes aleatorios en randbuf, lo que podría evitar que la pila del kernel se desborde. • https://git.kernel.org/stable/c/c35105f375b530bc27e03ea9250b1c26dd4cae86 https://git.kernel.org/stable/c/91918ce88d9fef408bb12c46a27c73d79b604c20 https://git.kernel.org/stable/c/ba72baed066f3bfa8b489e4b58f1fcaf51c04f83 https://git.kernel.org/stable/c/0eb2c0528e232b3c32cde9d5e1c9f80ba2996e49 https://git.kernel.org/stable/c/c37466406f075476c2702ecc01917928af871f3b https://git.kernel.org/stable/c/7c15eb344b0d4d3468c9b2a7591ad2b859b29b88 https://git.kernel.org/stable/c/3729ca9e48d19a03ae049e2bde510e161c2f3720 https://git.kernel.org/stable/c/316f790ebcf94bdf59f794b7cdea4068d • CWE-476: NULL Pointer Dereference •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpf_objec_load_prog(), there's no guarantee that obj->btf is non-NULL when passing it to btf__fd(), and this function does not perform any check before dereferencing its argument (as bpf_object__btf_fd() used to do). As a consequence, we get segmentation fault errors in bpftool (for example) when trying to load programs that come without BTF information. v2: Keep btf__fd() in the fix instead of reverting to bpf_object__btf_fd(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: libbpf: evita la desreferencia del puntero nulo cuando el programa a cargar no tiene BTF. En bpf_objec_load_prog(), no hay garantía de que obj-&gt;btf no sea NULL al pasarlo a btf__fd() , y esta función no realiza ninguna verificación antes de eliminar la referencia a su argumento (como solía hacer bpf_object__btf_fd()). Como consecuencia, obtenemos errores de segmentación en bpftool (por ejemplo) cuando intentamos cargar programas que vienen sin información BTF. v2: Mantenga btf__fd() en la solución en lugar de volver a bpf_object__btf_fd(). • https://git.kernel.org/stable/c/df7c3f7d3a3ddab31ca8cfa9b86a8729ec43fd2e https://git.kernel.org/stable/c/ef80b59acfa4dee4b5eaccb15572b69248831104 https://git.kernel.org/stable/c/1fd91360a75833b7110af9834ae26c977e1273e0 https://git.kernel.org/stable/c/9bf48fa19a4b1d186e08b20bf7e5de26a15644fb •