Page 309 of 4296 results (0.033 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link[1]: f2fs_rename() ... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0); You want correct inumber in the ".." link. And cross-directory rename does move the source to new parent, even if you'd been asked to leave a whiteout in the old place. [1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/ With below testcase, it may cause dirent corruption, due to it missed to call f2fs_set_link() to update ".." link to new directory. - mkdir -p dir/foo - renameat2 -w dir/foo bar [ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '. • https://git.kernel.org/stable/c/7e01e7ad746bc8198a8b46163ddc73a1c7d22339 https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46 https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024 https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310 https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77 https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7 https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728 https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f23 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: validar la identificación de la sesión y la identificación del árbol en la solicitud compuesta `smb2_get_msg()` en smb2_get_ksmbd_tcon() y smb2_check_user_session() siempre devolverá el encabezado smb2 de la primera solicitud en una solicitud compuesta. si `SMB2_TREE_CONNECT_HE` es el primer comando en la solicitud compuesta, devolverá 0, es decir, se omite la verificación de identificación del árbol. Este parche usa ksmbd_req_buf_next() para obtener el comando actual en compuesto. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693 https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e •

CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in init_smb2_rsp_hdr() If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrección fuera de los límites en init_smb2_rsp_hdr() Si el cliente envía una solicitud de negociación smb2 y luego envía una solicitud de negociación smb1, se llama a init_smb2_rsp_hdr para la solicitud de negociación smb1 ya que need_neg está configurado en falso. Este parche ignora los paquetes smb1 después de que ->need_neg se establece en falso. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from SessionKey from client. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrige el desbordamiento de slub en ksmbd_decode_ntlmssp_auth_blob() Si authblob->SessionKey.Length es mayor que el tamaño de la clave de sesión (CIFS_KEY_SIZE), puede ocurrir un desbordamiento de slub en los códigos de intercambio de claves. cifs_arc4_crypt copia a la matriz de claves de sesión desde SessionKey del cliente. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the processing of session keys. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. • https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809 https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4 https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20 https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: termina explícitamente en nulo la lista xattr Al configurar un xattr, termina explícitamente en nulo la lista xattr. Esto elimina la frágil suposición de que el espacio xattr no utilizado siempre se pone a cero. • https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135 https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52 https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11 https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36 https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a •