Page 3 of 4246 results (0.001 seconds)

CVSS: -EPSS: %CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption. This commit adds a check for start_clu, if it is an invalid cluster, the file or directory will be treated as empty. • https://git.kernel.org/stable/c/a0120d6463368378539ef928cf067d02372efb8c https://git.kernel.org/stable/c/3ddd1cb2b458ff6a193bc845f408dfff217db29e https://git.kernel.org/stable/c/184fa506e392eb78364d9283c961217ff2c0617b •

CVSS: -EPSS: %CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. • https://git.kernel.org/stable/c/745f7ce5a95e783ba62fe774325829466aec2aa8 https://git.kernel.org/stable/c/90adbae9dd158da8331d9fdd32077bd1af04f553 https://git.kernel.org/stable/c/3c5f545c9a1f8a1869246f6f3ae8c17289d6a841 https://git.kernel.org/stable/c/842f1c27a1aef5367e535f9e85c8c3b06352151a https://git.kernel.org/stable/c/de53c5305184ca1333b87e695d329d1502d694ce https://git.kernel.org/stable/c/dde654cad08fdaac370febb161ec41eb58e9d2a2 https://git.kernel.org/stable/c/084f797dbc7e52209a4ab6dbc7f0109268754eb9 https://git.kernel.org/stable/c/ccd3394f9a7200d6b088553bf38e68862 •

CVSS: -EPSS: %CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386. • https://git.kernel.org/stable/c/fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2 https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3 https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db •

CVSS: -EPSS: %CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/xen: no realizar la hiperllamada de PV iret a través de la página de hiperllamada En lugar de saltar a la página de hiperllamada de Xen para realizar la hiperllamada iret, codificar directamente la secuencia requerida en xen-asm.S. Esto se hace como preparación para no utilizar más la página de hiperllamada, ya que se ha demostrado que causa problemas con las mitigaciones de especulación. Esto es parte de XSA-466 / CVE-2024-53241. • https://git.kernel.org/stable/c/05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5 https://git.kernel.org/stable/c/c7b4cfa6213a44fa48714186dfdf125072d036e3 https://git.kernel.org/stable/c/fa719857f613fed94a79da055b13ca51214c694f https://git.kernel.org/stable/c/82c211ead1ec440dbf81727e17b03b5e3c44b93d https://git.kernel.org/stable/c/f7c3fdad0a474062d566aae3289d490d7e702d30 https://git.kernel.org/stable/c/a2796dff62d6c6bfc5fbebdf2bee0d5ac0438906 http://www.openwall.com/lists/oss-security/2024/12/17/2 http://www.openwall.com/lists/oss-security/2024/12 •

CVSS: -EPSS: %CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen/netfront: se corrige un fallo al eliminar un dispositivo Al eliminar un dispositivo netfront directamente después de un ciclo de suspensión/reanudación, puede suceder que las colas no se hayan configurado nuevamente, lo que provoca un fallo durante el intento de detener las colas otra vez. Solucione esto comprobando que las colas existen antes de intentar detenerlas. Esto es XSA-465 / CVE-2024-53240. • https://git.kernel.org/stable/c/ed773dd798bf720756d20021b8d8a4a3d7184bda https://git.kernel.org/stable/c/e6860c889f4ad50b6ab696f5ea154295d72cf27a https://git.kernel.org/stable/c/e6e897d4fe2f89c0bd94600a40bedf5e6e75e050 https://git.kernel.org/stable/c/d50b7914fae04d840ce36491d22133070b18cca9 https://git.kernel.org/stable/c/99859947517e446058ad7243ee81d2f9801fa3dd https://git.kernel.org/stable/c/f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84 https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca33 •