Page 303 of 7162 results (0.027 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup() fails, we still need to free the command response. Fix that. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: iwlwifi: mvm: rfi: corrige posibles fugas de respuesta Si falla la verificación de la longitud de la payload de rx, o si falla kmemdup(), aún necesitamos liberar la respuesta del comando. Arregla eso. In t... • https://git.kernel.org/stable/c/21254908cbe995a3982a23da32c30d1b43467043 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: fix memory corruption bug with suspend and rebuild The ice driver would previously panic after suspend. This is caused from the driver *only* calling the ice_vsi_free_q_vectors() function by itself, when it is suspending. Since commit b3e7b3a6ee92 ("ice: prevent NULL pointer deref during reload") the driver has zeroed out num_q_vectors, and only restored it in ice_vsi_cfg_def(). This further causes the ice_rebuild() function to allocat... • https://git.kernel.org/stable/c/b3e7b3a6ee92ab927f750a6b19615ce88ece808f •

CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test a patch I wrote two years ago. When TCP sockets are closed, we call inet_csk_clear_xmit_timers() to 'stop' the timers. inet_csk_clear_xmit_timers() can be called from any context, including when socket lock is held... • https://git.kernel.org/stable/c/8a68173691f036613e3d4e6bf8dc129d4a7bf383 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Split 64bit accesses to fix alignment issues Some of the registers are aligned on a 32bit boundary, causing alignment faults on 64bit platforms. Unable to handle kernel paging request at virtual address ffffffc084a1d004 Mem abort info: ESR = 0x0000000096000061 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x21: alignment fault Data abort info: ISV = 0, ISS = 0x00000061, ISS2 = 0x0000000... • https://git.kernel.org/stable/c/39d439047f1dc88f98b755d6f3a53a4ef8f0de21 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tls: obtenga referencia de psock después de t... • https://git.kernel.org/stable/c/4cbc325ed6b4dce4910be06d9d6940a8b919c59b •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b) trigger kdump via "echo c > /proc/sysrq-trigger" c) kdump kernel executes d) kdump kernel loads mlxbf_gige module e) the mlxbf_gige module runs its open() as the the "oob_net0" interface is brought up f) mlxbf_gige... • https://git.kernel.org/stable/c/f92e1869d74e1acc6551256eb084a1c14a054e19 •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int representation. This should not actually happen, as there are other protections along the way, but we should protect against it anyway. One code path was missing such protections (fixed in the previous patch in the ... • https://git.kernel.org/stable/c/afea95d319ccb4ad2060dece9ac5e2e364dec543 •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: selinux: avoid dereference of garbage after mount failure In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: selinux: evita la desreferenciación de basura después de un error de montaje En caso de que kern_mount() falle y... • https://git.kernel.org/stable/c/0619f0f5e36f12e100ef294f5980cfe7c93ff23e •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/bpf: Fix IP after emitting call depth accounting Adjust the IP passed to `emit_patch` so it calculates the correct offset for the CALL instruction if `x86_call_depth_emit_accounting` emits code. Otherwise we will skip some instructions and most likely crash. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: x86/bpf: corrige la IP después de emitir la contabilidad de profundidad de llamadas. Ajuste la IP pasada a `emit_patc... • https://git.kernel.org/stable/c/b2e9dfe54be4d023124d588d6f03d16a9c0d2507 •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * The following call-sites pass a NULL cp argument to __rds_rdma_map() - rds_get_mr() - rds_get_mr_for_dest * Prior to the code above, the following assumes that cp may be NULL (which is indicative, but could itself be unnecessary) trans_pri... • https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4 •