Page 352 of 2049 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en is_valid_oplock_break() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. A use-after-free flaw was found in the Linux kernel in smb is_valid_oplock_break() when exiting a session. This flaw allows a local attacker to crash the system. • https://git.kernel.org/stable/c/494c91e1e9413b407d12166a61b84200d4d54fac https://git.kernel.org/stable/c/0a15ba88a32fa7a516aff7ffd27befed5334dff2 https://git.kernel.org/stable/c/16d58c6a7db5050b9638669084b63fc05f951825 https://git.kernel.org/stable/c/69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 https://access.redhat.com/security/cve/CVE-2024-35863 https://bugzilla.redhat.com/show_bug.cgi?id=2281773 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: client: corrige UAF potencial en smb2_is_network_name_deleted() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. A use-after-free flaw was found in the Linux kernel in smb smb2_is_network_name_deleted() when exiting a session. This flaw allows a local attacker to crash the system. • https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c https://git.kernel.org/stable/c/aa582b33f94453fdeaff1e7d0aa252c505975e01 https://git.kernel.org/stable/c/d919b6ea15ffa56fbafef4a1d92f47aeda9af645 https://git.kernel.org/stable/c/63981561ffd2d4987807df4126f96a11e18b0c1d https://access.redhat.com/security/cve/CVE-2024-35862 https://bugzilla.redhat.com/show_bug.cgi?id=2281781 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_signal_cifsd_for_reconnect() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. • https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4 https://git.kernel.org/stable/c/2cfff21732132e363b4cc275d63ea98f1af726c1 https://git.kernel.org/stable/c/f9a96a7ad1e8d25dc6662bc7552e0752de74a20d https://git.kernel.org/stable/c/e0e50401cc3921c9eaf1b0e667db174519ea939f https://access.redhat.com/security/cve/CVE-2024-35861 https://bugzilla.redhat.com/show_bug.cgi?id=2281786 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpf_link dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and multi-uprobes, link is used to fetch BPF cookie values. Because of this runtime dependency, when bpf_link refcnt drops to zero there could still be active BPF programs running accessing link data. This patch adds generic support to defer bpf_link dealloc callback to after RCU GP, if requested. This is done by exposing two different deallocation callbacks, one synchronous and one deferred. If deferred one is provided, bpf_link_free() will schedule dealloc_deferred() callback to happen after RCU GP. BPF is using two flavors of RCU: "classic" non-sleepable one and RCU tasks trace one. The latter is used when sleepable BPF programs are used. bpf_link_free() accommodates that by checking underlying BPF program's sleepable flag, and goes either through normal RCU GP only for non-sleepable, or through RCU tasks trace GP *and* then normal RCU GP (taking into account rcu_trace_implies_rcu_gp() optimization), if BPF program is sleepable. We use this for multi-kprobe and multi-uprobe links, which dereference link during program run. • https://git.kernel.org/stable/c/0dcac272540613d41c05e89679e4ddb978b612f1 https://git.kernel.org/stable/c/876941f533e7b47fc69977fc4551c02f2d18af97 https://git.kernel.org/stable/c/5d8d447777564b35f67000e7838e7ccb64d525c8 https://git.kernel.org/stable/c/1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is grabbed already, hence module reference should be released if bdev_may_open() failed. This problem is found by code review. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bloquear: reparar la fuga de referencia del módulo de la ruta de error bdev_open_by_dev. En el momento en que se llama a bdev_may_open(), la referencia del módulo ya está tomada, por lo tanto, la referencia del módulo debe liberarse si bdev_may_open() fallo. Este problema se encuentra mediante la revisión del código. • https://git.kernel.org/stable/c/ed5cc702d311c14b653323d76062b0294effa66e https://git.kernel.org/stable/c/0e9327c67410b129bf85e5c3a5aaea518328636f https://git.kernel.org/stable/c/9617cd6f24b294552a817f80f5225431ef67b540 https://access.redhat.com/security/cve/CVE-2024-35859 https://bugzilla.redhat.com/show_bug.cgi?id=2281243 •