Page 293 of 3316 results (0.013 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode->block' points a freed memory, in the error handling path of regcache_rbtree_init(), 'rbnode->block' will be freed again in regcache_rbtree_exit(), KASAN will report double-free as follows: BUG: KASAN: double-free or invalid-free in kfree+0xce/0x390 Call Trace: slab_free_freelist_hook+0x10d/0x240 kfree+0xce/0x390 regcache_rbtree_exit+0x15d/0x1a0 regcache_rbtree_init+0x224/0x2c0 regcache_init+0x88d/0x1310 __regmap_init+0x3151/0x4a80 __devm_regmap_init+0x7d/0x100 madera_spi_probe+0x10f/0x333 [madera_spi] spi_probe+0x183/0x210 really_probe+0x285/0xc30 To fix this, moving up the assignment of rbnode->block to immediately after the reallocation has succeeded so that the data structure stays valid even if the second reallocation fails. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regmap: corrige posible doble liberación en regcache_rbtree_exit() En regcache_rbtree_insert_to_block(), cuando la realloc 'presente' fallaba, el 'blk' que se supone debe asignarse a 'rbnode->block ' se liberará, por lo que 'rbnode->block' apunta a una memoria liberada, en la ruta de manejo de errores de regcache_rbtree_init(), 'rbnode->block' se liberará nuevamente en regcache_rbtree_exit(), KASAN informará la doble liberación de la siguiente manera : ERROR: KASAN: doble libre o no válido en kfree+0xce/0x390 Rastreo de llamadas: slab_free_freelist_hook+0x10d/0x240 kfree+0xce/0x390 regcache_rbtree_exit+0x15d/0x1a0 regcache_rbtree_init+0x224/0x2c0 regcache_init+0x88d/ 0x1310 __regmap_init+0x3151/ 0x4a80 __devm_regmap_init+0x7d/0x100 madera_spi_probe+0x10f/0x333 [madera_spi] spi_probe+0x183/0x210 Actually_probe+0x285/0xc30 Para solucionar este problema, mueva hacia arriba la asignación de rbnode->block inmediatamente después de que la reasignación se haya realizado correctamente para que la estructura de datos permanezca válido incluso si la segunda reasignación falla. • https://git.kernel.org/stable/c/3f4ff561bc88b074d5e868dde4012d89cbb06c87 https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999 https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2 https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6 https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091 https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6 https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af7 •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case of any batadv_*_init() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn't any. All written above lead to cleaning up uninitialized fields. Even if we hide ODEBUG warning by initializing bat_priv->nc.work, syzbot was able to hit GPF in batadv_nc_purge_paths(), because hash pointer in still NULL. [1] To fix these bugs we can unwind batadv_*_init() calls one by one. It is good approach for 2 reasons: 1) It fixes bugs on error handling path 2) It improves the performance, since we won't call unneeded batadv_*_free() functions. So, this patch makes all batadv_*_init() clean up all allocated memory before returning with an error to no call correspoing batadv_*_free() and open-codes batadv_mesh_free() with proper order to avoid touching uninitialized fields. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: batman-adv: corrección de manejo de errores Syzbot informó advertencia ODEBUG en batadv_nc_mesh_free(). • https://git.kernel.org/stable/c/c6c8fea29769d998d94fcec9b9f14d4b52b349d3 https://git.kernel.org/stable/c/0c6b199f09be489c48622537a550787fc80aea73 https://git.kernel.org/stable/c/07533f1a673ce1126d0a72ef1e4b5eaaa3dd6d20 https://git.kernel.org/stable/c/e50f957652190b5a88a8ebce7e5ab14ebd0d3f00 https://git.kernel.org/stable/c/fbf150b16a3635634b7dfb7f229d8fcd643c6c51 https://git.kernel.org/stable/c/6422e8471890273994fe8cc6d452b0dcd2c9483e https://git.kernel.org/stable/c/b0a2cd38553c77928ef1646ed1518486b1e70ae8 https://git.kernel.org/stable/c/a8f7359259dd5923adc6129284fdad12f • CWE-544: Missing Standardized Error Handling Mechanism •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SCSI host instance is released because shost->hostt is required in the release handler. Make sure to put LLD module refcnt after SCSI device is released. Fixes a kernel panic of 'BUG: unable to handle page fault for address' reported by Changhui and Yi. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: colocar el módulo LLD refcnt después de liberar el dispositivo SCSI. La liberación del host SCSI se activa cuando se libera el dispositivo SCSI. Tenemos que asegurarnos de que el módulo del controlador de dispositivo de bajo nivel no se descargue antes de que se lance la instancia del host SCSI porque se requiere shost->hostt en el controlador de lanzamiento. • https://git.kernel.org/stable/c/1105573d964f7b78734348466b01f5f6ba8a1813 https://git.kernel.org/stable/c/8e4814a461787e15a31d322d9efbe0d4f6822428 https://git.kernel.org/stable/c/61a0faa89f21861d1f8d059123b5c285a5d9ffee https://git.kernel.org/stable/c/c2df161f69fb1c67f63adbd193368b47f511edc0 https://git.kernel.org/stable/c/1ce287eff9f23181d5644db787f472463a61f68b https://git.kernel.org/stable/c/7b57c38d12aed1b5d92f74748bed25e0d041729f https://git.kernel.org/stable/c/f30822c0b4c35ec86187ab055263943dc71a6836 https://git.kernel.org/stable/c/f2b85040acec9a928b4eb1b57a989324e •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712_dl_fw Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was in race condition between r871xu_dev_remove() ->ndo_open() callback. It's easy to see from crash log, that driver accesses released firmware in ->ndo_open() callback. It may happen, since driver was releasing firmware _before_ unregistering netdev. Fix it by moving unregister_netdev() before cleaning up resources. Call Trace: ... rtl871x_open_fw drivers/staging/rtl8712/hal_init.c:83 [inline] rtl8712_dl_fw+0xd95/0xe10 drivers/staging/rtl8712/hal_init.c:170 rtl8712_hal_init drivers/staging/rtl8712/hal_init.c:330 [inline] rtl871x_hal_init+0xae/0x180 drivers/staging/rtl8712/hal_init.c:394 netdev_open+0xe6/0x6c0 drivers/staging/rtl8712/os_intfs.c:380 __dev_open+0x2bc/0x4d0 net/core/dev.c:1484 Freed by task 1306: ... release_firmware+0x1b/0x30 drivers/base/firmware_loader/main.c:1053 r871xu_dev_remove+0xcc/0x2c0 drivers/staging/rtl8712/usb_intf.c:599 usb_unbind_interface+0x1d8/0x8d0 drivers/usb/core/driver.c:458 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: staging: rtl8712: corrige el use-after-free en rtl8712_dl_fw Syzbot informó el use-after-free en rtl8712_dl_fw(). El problema estaba en la condición de ejecución entre la devolución de llamada r871xu_dev_remove() ->ndo_open(). • https://git.kernel.org/stable/c/8c213fa59199f9673d66970d6940fa093186642f https://git.kernel.org/stable/c/bc5d453eab4506cb52397db8830d1070904265a4 https://git.kernel.org/stable/c/c430094541a80575259a94ff879063ef01473506 https://git.kernel.org/stable/c/befd23bd3b17f1a3f9c943a8580b47444c7c63ed https://git.kernel.org/stable/c/a65c9afe9f2f55b7a7fb4a25ab654cd4139683a4 https://git.kernel.org/stable/c/c052cc1a069c3e575619cf64ec427eb41176ca70 •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read data beyond the end of buffer. Sanity-check the directory entry length before using it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: isofs: corrige el acceso fuera de los límites para una imagen isofs corrupta. Cuando la imagen isofs está adecuadamente dañada, isofs_read_inode() puede leer datos más allá del final del búfer. Cordura: verifique la longitud de la entrada del directorio antes de usarla. • https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f https://git.kernel.org/stable/c/9ec33a9b8790c212cc926a88c5e2105f97f3f57e https://git.kernel.org/stable/c/afbd40f425227e661d991757e11cc4db024e761f https://git.kernel.org/stable/c/b0ddff8d68f2e43857a84dce54c3deab181c8ae1 https://git.kernel.org/stable/c/6e80e9314f8bb52d9eabe1907698718ff01120f5 https://git.kernel.org/stable/c/86d4aedcbc69c0f84551fb70f953c24e396de2d7 https://git.kernel.org/stable/c/b2fa1f52d22c5455217b294629346ad23a744945 https://git.kernel.org/stable/c/e7fb722586a2936b37bdff096c095c30c • CWE-125: Out-of-bounds Read •