Page 35 of 2262 results (0.009 seconds)

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent() In ext4_find_extent(), if the path is not big enough, we free it and set *orig_path to NULL. But after reallocating and successfully initializing the path, we don't update *orig_path, in which case the caller gets a valid path but a NULL ppath, and this may cause a NULL pointer dereference or a path memory leak. For example: ext4_split_extent path = *ppath = 2000 ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path = 2000); *orig_path = path = NULL; path = kcalloc() = 3000 ext4_split_extent_at(*ppath = NULL) path = *ppath; ex = path[depth].p_ext; // NULL pointer dereference! ================================================================== BUG: kernel NULL pointer dereference, address: 0000000000000010 CPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847 RIP: 0010:ext4_split_extent_at+0x6d/0x560 Call Trace: <TASK> ext4_split_extent.isra.0+0xcb/0x1b0 ext4_ext_convert_to_initialized+0x168/0x6c0 ext4_ext_handle_unwritten_extents+0x325/0x4d0 ext4_ext_map_blocks+0x520/0xdb0 ext4_map_blocks+0x2b0/0x690 ext4_iomap_begin+0x20e/0x2c0 [...] ================================================================== Therefore, *orig_path is updated when the extent lookup succeeds, so that the caller can safely use path or *ppath. • https://git.kernel.org/stable/c/10809df84a4d868db61af621bae3658494165279 https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599 https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679 https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2 https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42 https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96 https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13 •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm: omapdrm: Add missing check for alloc_ordered_workqueue As it may return NULL pointer and cause NULL pointer dereference. Add check for the return value of alloc_ordered_workqueue. • https://git.kernel.org/stable/c/2f95bc6d324a93b2411bcc5defe4d4414c45f325 https://git.kernel.org/stable/c/2bda89735199683b03f55b807bd1e31a3857520b https://git.kernel.org/stable/c/e60b0d3b5aa2e8d934deca9e11215af84e632bc9 https://git.kernel.org/stable/c/f37a1d9e5e22d5489309c3cd2db476dcdcc6530c https://git.kernel.org/stable/c/b57b53e8ffcdfda87d954fc4187426a54fe75a3d https://git.kernel.org/stable/c/0d71916694aceb207fefecf62dfa811ec1108bbd https://git.kernel.org/stable/c/334de68eda2b99892ba869c15cb59bc956fd9f42 https://git.kernel.org/stable/c/e794b7b9b92977365c693760a259f8eef •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: resource: fix region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff : region0 490000000-50fffffff : dax0.0 490000000-50fffffff : System RAM (kmem) Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes "System RAM (kmem)" a descendant of "CXL Window X". This confuses region_intersects(), which expects all "System RAM" resources to be at the top level of iomem_resource. This can lead to bugs. For example, when the following command line is executed to write some memory in CXL memory range via /dev/mem, $ dd if=data of=/dev/mem bs=$((1 << 10)) seek=$((0x490000000 >> 10)) count=1 dd: error writing '/dev/mem': Bad address 1+0 records in 0+0 records out 0 bytes copied, 0.0283507 s, 0.0 kB/s the command fails as expected. However, the error code is wrong. It should be "Operation not permitted" instead of "Bad address". • https://git.kernel.org/stable/c/c221c0b0308fd01d9fb33a16f64d2fd95f8830a4 https://git.kernel.org/stable/c/1d5f85f1b7db79c75c9e07d6571ce2a7bdf725c4 https://git.kernel.org/stable/c/8a6fef7d22a1d952aed68584d3fcc0d018d2bdc3 https://git.kernel.org/stable/c/4b90d2eb451b357681063ba4552b10b39d7ad885 https://git.kernel.org/stable/c/393331e16ce205e036e58b3d8ca4ee2e635f21d9 https://git.kernel.org/stable/c/06ff97a20b8c9e9d256b0d2c3e87f78f8ccea3de https://git.kernel.org/stable/c/927abc5b7d6d2c2e936bec5a2f71d9512c5e72f7 https://git.kernel.org/stable/c/b4afe4183ec77f230851ea139d91e5cf2 •

CVSS: -EPSS: 0%CPEs: 11EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if bh is NULL. • https://git.kernel.org/stable/c/cf76c78595ca87548ca5e45c862ac9e0949c4687 https://git.kernel.org/stable/c/01f93d5e36753fc4d06ec67f05ce78c9c6f2dd56 https://git.kernel.org/stable/c/65cbd1279f4b999d56a838344a30642db24cd215 https://git.kernel.org/stable/c/97e1db17bc1ef4c2e1789bc9323c7be44fba53f8 https://git.kernel.org/stable/c/6c150df9c2e80b5cf86f5a0d98beb7390ad63bfc https://git.kernel.org/stable/c/61b84013e560382cbe7dd56758be3154d43a3988 https://git.kernel.org/stable/c/df944dc46d06af65a75191183d52be017e6b9dbe https://git.kernel.org/stable/c/01cb2e751cc61ade454c9bc1aaa2eac1f •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG through ext4_readdir when a checksum error occurs, resulting in the following WARNING. Fix it by mapping EBADMSG to nfserr_io. nfsd_buffered_readdir iterate_dir // -EBADMSG -74 ext4_readdir // .iterate_shared ext4_dx_readdir ext4_htree_fill_tree htree_dirblock_to_tree ext4_read_dirblock __ext4_read_dirblock ext4_dirblock_csum_verify warn_no_space_for_csum __warn_no_space_for_csum return ERR_PTR(-EFSBADCRC) // -EBADMSG -74 nfserrno // WARNING [ 161.115610] ------------[ cut here ]------------ [ 161.116465] nfsd: non-standard errno: -74 [ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0 [ 161.118596] Modules linked in: [ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138 [ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe mu.org 04/01/2014 [ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0 [ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6 05 ce 2b 61 03 01 e8 99 20 d8 00 <0f> 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33 [ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286 [ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a [ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827 [ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021 [ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8 [ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000 [ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0 [ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 161.141519] PKRU: 55555554 [ 161.142076] Call Trace: [ 161.142575] ? __warn+0x9b/0x140 [ 161.143229] ? nfserrno+0x9d/0xd0 [ 161.143872] ? report_bug+0x125/0x150 [ 161.144595] ? handle_bug+0x41/0x90 [ 161.145284] ? • https://git.kernel.org/stable/c/0ea4333c679f333e23956de743ad17387819d3f2 https://git.kernel.org/stable/c/825789ca94602543101045ad3aad19b2b60c6b2a https://git.kernel.org/stable/c/6fe058502f8864649c3d614b06b2235223798f48 https://git.kernel.org/stable/c/f7d8ee9db94372b8235f5f22bb24381891594c42 https://git.kernel.org/stable/c/c76005adfa93d1a027433331252422078750321f https://git.kernel.org/stable/c/e9cfecca22a36b927a440abc6307efb9e138fed5 https://git.kernel.org/stable/c/340e61e44c1d2a15c42ec72ade9195ad525fd048 •