Page 350 of 3190 results (0.008 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism that prevents this physindev from been freed under us (for instance neigh_flush_dev doesn't cleanup skbs from different device's neigh queue) we can crash on e.g. this stack: arp_process neigh_update skb = __skb_dequeue(&neigh->arp_queue) neigh_resolve_output(..., skb) ... br_nf_dev_xmit br_nf_pre_routing_finish_bridge_slow skb->dev = nf_bridge->physindev br_handle_frame_finish Let's use plain ifindex instead of net_device link. To peek into the original net_device we will use dev_get_by_index_rcu(). Thus either we get device and are safe to use it or we don't get it and drop skb. • https://git.kernel.org/stable/c/c4e70a87d975d1f561a00abfe2d3cefa2a486c95 https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547 https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86 https://access.redhat.com/security/cve/CVE-2024-35839 https://bugzilla.redhat.com/show_bug.cgi?id=2281284 •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> netlbl_calipso_ops_register() function isn't called, and the netlbl_calipso_ops_get() function always returns NULL. In this case, the netlbl_calipso_add_pass() function allocates memory for the doi_def variable but doesn't free it with the calipso_doi_free(). BUG: memory leak unreferenced object 0xffff888011d68180 (size 64): comm "syz-executor.1", pid 10746, jiffies 4295410986 (age 17.928s) hex dump (first 32 bytes): 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<...>] kmalloc include/linux/slab.h:552 [inline] [<...>] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline] [<...>] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111 [<...>] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 [<...>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [<...>] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 [<...>] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515 [<...>] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 [<...>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] [<...>] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339 [<...>] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934 [<...>] sock_sendmsg_nosec net/socket.c:651 [inline] [<...>] sock_sendmsg+0x157/0x190 net/socket.c:671 [<...>] ____sys_sendmsg+0x712/0x870 net/socket.c:2342 [<...>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2396 [<...>] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429 [<...>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 [<...>] entry_SYSCALL_64_after_hwframe+0x61/0xc6 Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller [PM: merged via the LSM tree at Jakub Kicinski request] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: calipso: corrige la pérdida de memoria en netlbl_calipso_add_pass() Si la compatibilidad con IPv6 está deshabilitada en el arranque (ipv6.disable=1), no se llama a la función calipso_init() -&gt; netlbl_calipso_ops_register() y la función netlbl_calipso_ops_get() siempre devuelve NULL. En este caso, la función netlbl_calipso_add_pass() asigna memoria para la variable doi_def pero no la libera con calipso_doi_free(). ERROR: pérdida de memoria, objeto sin referencia 0xffff888011d68180 (tamaño 64): comunicación "syz-executor.1", pid 10746, jiffies 4295410986 (edad 17,928 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................. ... seguimiento: [&lt;...&gt;] kmalloc include/linux/slab.h:552 [en línea] [&lt;...&gt;] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [en línea] [&lt;... • https://git.kernel.org/stable/c/cb72d38211eacda2dd90b09540542b6582da614e https://git.kernel.org/stable/c/9a8f811a146aa2a0230f8edb2e9f4b6609aab8da https://git.kernel.org/stable/c/36e19f84634aaa94f543fedc0a07588949638d53 https://git.kernel.org/stable/c/44a88650ba55e6a7f2ec485d2c2413ba7e216f01 https://git.kernel.org/stable/c/a4529a08d3704c17ea9c7277d180e46b99250ded https://git.kernel.org/stable/c/321b3a5592c8a9d6b654c7c64833ea67dbb33149 https://git.kernel.org/stable/c/408bbd1e1746fe33e51f4c81c2febd7d3841d031 https://git.kernel.org/stable/c/f14d36e6e97fe935a20e0ceb159c100f9 •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: agregue una verificación de puntero null en opal_powercap_init() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. • https://git.kernel.org/stable/c/b9ef7b4b867f56114bedbe6bf104cfaba0ca818e https://git.kernel.org/stable/c/9da4a56dd3772570512ca58aa8832b052ae910dc https://git.kernel.org/stable/c/a67a04ad05acb56640798625e73fa54d6d41cce1 https://git.kernel.org/stable/c/6b58d16037217d0c64a2a09b655f370403ec7219 https://git.kernel.org/stable/c/f152a6bfd187f67afeffc9fd68cbe46f51439be0 https://git.kernel.org/stable/c/69f95c5e9220f77ce7c540686b056c2b49e9a664 https://git.kernel.org/stable/c/b02ecc35d01a76b4235e008d2dd292895b28ecab https://git.kernel.org/stable/c/e123015c0ba859cf48aa7f89c5016cc6e • CWE-476: NULL Pointer Dereference •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function With tpd12s015_remove() marked with __exit this function is discarded when the driver is compiled as a built-in. The result is that when the driver unbinds there is no cleanup done which results in resource leakage or worse. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/bridge: tpd12s015: Eliminar anotación __exit con errores para eliminar función Con tpd12s015_remove() marcado con __exit, esta función se descarta cuando el controlador se compila como integrado. El resultado es que cuando el controlador se desvincula no se realiza ninguna limpieza, lo que resulta en una fuga de recursos o algo peor. • https://git.kernel.org/stable/c/cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c https://git.kernel.org/stable/c/53926e2a39629702f7f809d614b3ca89c2478205 https://git.kernel.org/stable/c/08ccff6ece35f08e8107e975903c370d849089e5 https://git.kernel.org/stable/c/81f1bd85960b7a089a91e679ff7cd2524390bbf1 https://git.kernel.org/stable/c/a8657406e12aa10412134622c58977ac657f16d2 https://git.kernel.org/stable/c/e00ec5901954d85b39b5f10f94e60ab9af463eb1 https://git.kernel.org/stable/c/ce3e112e7ae854249d8755906acc5f27e1542114 https://lists.debian.org/debian-lts-announce/2024/06/ •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_get_parent), this can lead to incorrect (uninitialized) acpi_parent handle being passed to acpi_get_pci_dev() for detecting the parent pci device. Check acpi_get_parent() result and set parent device only in case of success. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: vídeo: comprueba si hay errores al buscar el dispositivo de retroiluminación principal. Si la llamada acpi_get_parent() en acpi_video_dev_register_backlight() fallo, por ejemplo, porque acpi_ut_acquire_mutex() fallo dentro de acpi_get_parent), esto puede provocar que se pase el identificador acpi_parent incorrecto (no inicializado) a acpi_get_pci_dev() para detectar el dispositivo pci principal. Verifique el resultado de acpi_get_parent() y configure el dispositivo principal solo en caso de éxito. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/9661e92c10a9775243c1ecb73373528ed8725a10 https://git.kernel.org/stable/c/556f02699d33c1f40b1b31bd25828ce08fa165d8 https://git.kernel.org/stable/c/1e3a2b9b4039bb4d136dca59fb31e06465e056f3 https://git.kernel.org/stable/c/c4e1a0ef0b4782854c9b77a333ca912b392bed2f https://git.kernel.org/stable/c/3a370502a5681986f9828e43be75ce26c6ab24af https://git.kernel.org/stable/c/2124c5bc22948fc4d09a23db4a8acdccc7d21e95 https://git.kernel.org/stable/c/39af144b6d01d9b40f52e5d773e653957e6c379c https://git.kernel.org/stable/c/72884ce4e10417b1233b614bf134da852 •