Page 307 of 3130 results (0.027 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region is reserved with 0 length, then it ends up corrupting the IOVA rbtree with an entry which has pfn_hi < pfn_lo. If we intend to use display driver in kernel without framebuffer then it's causing the display IOMMU mappings to fail as entire valid IOVA space is reserve... • https://git.kernel.org/stable/c/a5bf3cfce8cb77d9d24613ab52d520896f83dd48 •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp] Call trace: process_one_work+0x174/0x3c8 worker_thread+0x2d0/0x3e8 kthread+0x104/0x110 Fix the bug by raising a fatal error if ... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 • CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on the fd offset. This results in migration data corruption and when the device gets started on the destination the following error is reported in some cases, [ 478.907684] arm-smmu-v3 arm-smmu-v3.2.auto: event 0x10 rec... • https://git.kernel.org/stable/c/d9a871e4a143047d1d84a606772af319f11516f9 •

CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0

23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read. En el kernel de Linux, se ha resuelto la siguiente... • https://git.kernel.org/stable/c/315cd67c945351f8a569500f8ab16b7fa94026e8 • CWE-125: Out-of-bounds Read •

CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0

23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: validar el token mecánico en la configuración de la sesión Si el cliente envía un token mecánico no válido en la solicitud de configuración de la sesión, ksmbd valida y genera el error si no es válido. This vulnerabil... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf • CWE-125: Out-of-bounds Read •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on `struct tcp_transport` in ksmbd_tcp_new_connection() function. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ksmbd: soluciona problema de UAF en ksmbd_tcp_new_connection() La ejecución es entre el manejo de una nueva conexión TCP y su desconexión. Conduce a UAF en `struct t... • https://git.kernel.org/stable/c/a848c4f15ab6d5d405dbee7de5da71839b2bf35e • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpf_tracing_prog_attach The following case can cause a crash due to missing attach_btf: 1) load rawtp program 2) load fentry program with rawtp as target_fd 3) create tracing link for fentry program with target_fd = 0 4) repeat 3 In the end we have: - prog->aux->dst_trampoline == NULL - tgt_prog == NULL (because we did not provide target_fd to link_create) - prog->aux->attach_btf == NULL (the program was loa... • https://git.kernel.org/stable/c/f3a95075549e0e5c36db922caf86847db7a35403 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory (ever since 6715df8d5) but, before this patch, these accesses were permitted inconsistently. In particular, accesses were permitted above state->allocated_stack, but not below it. In other words, if the stack was already "large enough", the access was permitted, but otherwise the access was rejected instead of being allowed... • https://git.kernel.org/stable/c/01f810ace9ed37255f27608a0864abebccf0aab3 • CWE-665: Improper Initialization •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails, the cursor is left pointing to &drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the last valid entry in the array. The debug message at the end of the function then dereferences this pointer: ... • https://git.kernel.org/stable/c/51925fb3c5c901aa06cdc853268a6e19e19bcdc7 • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() Get logical socket id instead of physical id in discover_upi_topology() to avoid out-of-bound access on 'upi = &type->topology[nid][idx];' line that leads to NULL pointer dereference in upi_fill_topology() En el kernel de Linux, se resolvió la siguiente vulnerabilidad: perf/x86/intel/uncore: solucione el problema de desreferencia del puntero NULL en upi_fill_to... • https://git.kernel.org/stable/c/f680b6e6062ef3c944ffc966d685f067958fca33 • CWE-476: NULL Pointer Dereference •