Page 308 of 2886 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it's actually a SoundWire controller. This can lead to issues where the graph walk continues and eventually fails, but the pointer was set already. This patch changes the logic so that the information provided to the caller is set when a controller is found. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: intel-sdw-acpi: reforzar la detección del controlador El código existente actualmente establece un puntero a un identificador ACPI antes de verificar que en realidad es un controlador SoundWire. Esto puede provocar problemas en los que el recorrido del gráfico continúa y finalmente falla, pero el puntero ya estaba configurado. Este parche cambia la lógica para que la información proporcionada a la persona que llama se establezca cuando se encuentra un controlador. • https://git.kernel.org/stable/c/cce476954401e3421afafb25bbaa926050688b1d https://git.kernel.org/stable/c/385f287f9853da402d94278e59f594501c1d1dad •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unreferenced object 0xffff88800bc06800 (size 512): comm "8", pid 11775, jiffies 4295159829 (age 9.032s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450 [<00000000c93382b3>] kmalloc_reserve+0x37/0xd0 [<000000005fea522c>] __alloc_skb+0x124/0x380 [<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2 Fix it by freeing 'pending_skb' in error and remove. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: NFC: st21nfca: corrige la pérdida de memoria en la sonda del dispositivo y elimina 'phy-&gt;pending_skb' cuando se asigna la sonda del dispositivo, pero olvidó liberarla en la ruta de manejo de errores y eliminar la ruta, esto causa pérdida de memoria de la siguiente manera: objeto sin referencia 0xffff88800bc06800 (tamaño 512): comunicación "8", pid 11775, santiago 4295159829 (edad 9.032 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................. backtrace: [&lt;00000000d66c09ce&gt;] __kmalloc_node_track_caller+0x1ed/0x450 [&lt;00000000c93382b3&gt;] kmalloc_reserve+0x37/0xd0 [&lt;000000005fea522c&gt;] __alloc_skb+0x124/0x380 [ &lt;0000000019f29f9a&gt;] st21nfca_hci_i2c_probe+0x170/0x8f2 Solucionarlo liberando 'pending_skb' por error y elimínelo. • https://git.kernel.org/stable/c/68957303f44a501af5cf37913208a2acaa6bcdf1 https://git.kernel.org/stable/c/38c3e320e7ff46f2dc67bc5045333e63d9f8918d https://git.kernel.org/stable/c/a1e0080a35a16ce3808f7040fe0c3a8fdb052349 https://git.kernel.org/stable/c/1cd4063dbc91cf7965d73a6a3855e2028cd4613b https://git.kernel.org/stable/c/e553265ea56482da5700f56319fda9ff53e7dcb4 https://git.kernel.org/stable/c/238920381b8925d070d32d73cd9ce52ab29896fe https://git.kernel.org/stable/c/1b9dadba502234eea7244879b8d5d126bfaf9f0c • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can cause data corruption for user SDMA requests that have multiple payload iovecs where an iovec other than the tail iovec does not run up to the page boundary for the buffer pointed to by that iovec.a Here are the specific bugs: 1. user_sdma_txadd() does not use struct user_sdma_iovec->iov.iov_len. Rather, user_sdma_txadd() will add up to PAGE_SIZE bytes from iovec to the packet, even if some of those bytes are past iovec->iov.iov_len and are thus not intended to be in the packet. 2. user_sdma_txadd() and user_sdma_send_pkts() fail to advance to the next iovec in user_sdma_request->iovs when the current iovec is not PAGE_SIZE and does not contain enough data to complete the packet. The transmitted packet will contain the wrong data from the iovec pages. This has not been an issue with SDMA packets from hfi1 Verbs or PSM2 because they only produce iovecs that end short of PAGE_SIZE as the tail iovec of an SDMA request. Fixing these bugs exposes other bugs with the SDMA pin cache (struct mmu_rb_handler) that get in way of supporting user SDMA requests with multiple payload iovecs whose buffers do not end at PAGE_SIZE. So this commit fixes those issues as well. Here are the mmu_rb_handler bugs that non-PAGE_SIZE-end multi-iovec payload user SDMA requests can hit: 1. Overlapping memory ranges in mmu_rb_handler will result in duplicate pinnings. 2. When extending an existing mmu_rb_handler entry (struct mmu_rb_node), the mmu_rb code (1) removes the existing entry under a lock, (2) releases that lock, pins the new pages, (3) then reacquires the lock to insert the extended mmu_rb_node. If someone else comes in and inserts an overlapping entry between (2) and (3), insert in (3) will fail. The failure path code in this case unpins _all_ pages in either the original mmu_rb_node or the new mmu_rb_node that was inserted between (2) and (3). 3. • https://git.kernel.org/stable/c/7724105686e718ac476a6ad3304fea2fbcfcffde https://git.kernel.org/stable/c/9c4c6512d7330b743c4ffd18bd999a86ca26db0d https://git.kernel.org/stable/c/a2bd706ab63509793b5cd5065e685b7ef5cba678 https://git.kernel.org/stable/c/dce59b5443700fbd0d2433ec6e4d4cf063448844 https://git.kernel.org/stable/c/c76cb8f4bdf26d04cfa5485a93ce297dba5e6a80 https://git.kernel.org/stable/c/7e6010f79b58f45b204cf18aa58f4b73c3f30adc https://git.kernel.org/stable/c/00cbce5cbf88459cd1aa1d60d0f1df15477df127 •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: usbhid: corrige fuga de información en hid_submit_ctrl En hid_submit_ctrl(), la forma de calcular la longitud del informe no tiene en cuenta que el tamaño del informe-&gt;puede ser cero. • https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366 https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0 https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82 https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1 https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9 https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8 https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5d • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential deadlock like we did in f2fs_write_single_data_page(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrección para evitar un posible interbloqueo Usando f2fs_trylock_op() en f2fs_write_compressed_pages() para evitar un posible interbloqueo como lo hicimos en f2fs_write_single_data_page(). • https://git.kernel.org/stable/c/0478ccdc8ea016de1ebaf6fe6da0275c2b258c5b https://git.kernel.org/stable/c/8e8542437bb4070423c9754d5ba270ffdbae8c8d https://git.kernel.org/stable/c/df77fbd8c5b222c680444801ffd20e8bbc90a56e • CWE-667: Improper Locking •