Page 307 of 4617 results (0.015 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similary, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. • https://git.kernel.org/stable/c/72dc1c096c7051a48ab1dbb12f71976656b55eb5 https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449 https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4 https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36 https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723 https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: verifique el valor de retorno de alloc_workqueue en radeon_crtc_init() verifique el valor de retorno de alloc_workqueue en radeon_crtc_init() para evitar null-ptr-deref. A NULL pointer dereference flaw was found in alloc_workqueue in the Linux Kernel. Check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref. • https://git.kernel.org/stable/c/fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 https://git.kernel.org/stable/c/21b1645660717d6126dd4866c850fcc5c4703a41 https://git.kernel.org/stable/c/5d12c5d75f7c78b83a738025947651ec5c95b4d4 https://git.kernel.org/stable/c/57ca7984806d79b38af528de88fd803babf27feb https://git.kernel.org/stable/c/14bbfaa5df273b26cde6707f6e655585700e6fe1 https://git.kernel.org/stable/c/c4ff55408187f2595066967047363ca84e76db85 https://git.kernel.org/stable/c/0b813a6a0087451cb702b6eb841f10856f49d088 https://git.kernel.org/stable/c/fb2d8bc9b5e55848b8a7c3c028e2ee8d4 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the following call chains: kv_parse_power_table |-> kv_dpm_init |-> kv_dpm_sw_init |-> kv_dpm_fini The adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its first free in kv_parse_power_table and causes a use-after-free bug. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/amd/pm: corrige un use-after-free en kv_parse_power_table Cuando ps asignado por kzalloc es igual a NULL, kv_parse_power_table libera adev->pm.dpm.ps que se asignó antes. Sin embargo, después de que el flujo de control pasa por las siguientes cadenas de llamadas: kv_parse_power_table |-> kv_dpm_init |-> kv_dpm_sw_init |-> kv_dpm_fini El adev->pm.dpm.ps se usa en el bucle for de kv_dpm_fini después de su primera liberación en kv_parse_power_table y provoca un error de use-after-free. A use-after-free flaw was found in kv_parse_power_table in drivers/amd/pm in the Linux kernel. • https://git.kernel.org/stable/c/a2e73f56fa6282481927ec43aa9362c03c2e2104 https://git.kernel.org/stable/c/8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e https://git.kernel.org/stable/c/8b55b06e737feb2a645b0293ea27e38418876d63 https://git.kernel.org/stable/c/520e213a0b97b64735a13950e9371e0a5d7a5dc3 https://git.kernel.org/stable/c/b6dcba02ee178282e0d28684d241e0b8462dea6a https://git.kernel.org/stable/c/35fa2394d26e919f63600ce631e6aefc95ec2706 https://git.kernel.org/stable/c/95084632a65d5c0d682a83b55935560bdcd2a1e3 https://git.kernel.org/stable/c/3426f059eacc33ecc676b0d66539297e1 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a wakeup for example: configfs-gadget.g1 gadget.0: ECM Suspend configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup ... Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute ... PC is at 0x0 LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc] ... musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core] usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether] eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4 sch_direct_xmit from __dev_queue_xmit+0x334/0xd88 __dev_queue_xmit from arp_solicit+0xf0/0x268 arp_solicit from neigh_probe+0x54/0x7c neigh_probe from __neigh_event_send+0x22c/0x47c __neigh_event_send from neigh_resolve_output+0x14c/0x1c0 neigh_resolve_output from ip_finish_output2+0x1c8/0x628 ip_finish_output2 from ip_send_skb+0x40/0xd8 ip_send_skb from udp_send_skb+0x124/0x340 udp_send_skb from udp_sendmsg+0x780/0x984 udp_sendmsg from __sys_sendto+0xd8/0x158 __sys_sendto from ret_fast_syscall+0x0/0x58 Let's fix the issue by checking for send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: ti: phy-omap-usb2: corrige la desreferencia del puntero NULL para SRP. • https://git.kernel.org/stable/c/657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5 https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3 https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462 https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4 https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4 https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f64 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: arm64: vgic-its: Evite posibles UAF en la caché de traducción LPI. Existe un escenario potencial de UAF en el caso de que un caché de traducción LPI se acelere con una operación que invalide la caché, como un comando DISCARD ITS. La raíz del problema es que vgic_its_check_cache() no eleva el refcount en vgic_irq antes de eliminar el bloqueo que serializa los cambios de refcount. • https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88 https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703 https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4 https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6 https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1 https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80 https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-416: Use After Free •