Page 354 of 3168 results (0.017 seconds)

CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The ACK value is considered acceptable only if it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT). All incoming segments whose ACK value doesn't satisfy the above condition MUST be discarded and an ACK sent back. It needs to be noted that RFC 793 on page 72 (fifth check) says: "If the ACK is a duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an ACK, drop the segment, and return". The "ignored" above implies that the processing of the incoming data segment continues, which means the ACK value is treated as acceptable. • https://git.kernel.org/stable/c/354e4aa391ed50a4d827ff6fc11e0667d0859b25 https://git.kernel.org/stable/c/8d15569e14cfcf9151e9e3b4c0cb98369943a2bb https://git.kernel.org/stable/c/e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1 https://git.kernel.org/stable/c/2ee4432e82437a7c051c254b065fbf5d4581e1a3 https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57 https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0 https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_get. When the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ppdev: agregue una verificación de errores en Register_device. En Register_device, el valor de retorno de ida_simple_get no está marcado, por lo que ida_simple_get usará un valor de índice no válido. Para solucionar este problema, se debe verificar el índice después de ida_simple_get. • https://git.kernel.org/stable/c/9a69645dde1188723d80745c1bc6ee9af2cbe2a7 https://git.kernel.org/stable/c/9c2b46e720d5b083268ca0131f513a90696f3a82 https://git.kernel.org/stable/c/762602796be626cbb6b3a6573e00b9ee7db00c97 https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299e https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9 https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68b https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152a https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa5 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/arm/malidp: corrige una posible desreferencia del puntero nulo En malidp_mw_connector_reset, se asigna nueva memoria con kzalloc, pero no se realiza ninguna verificación. Para evitar la desreferenciación del puntero nulo, asegúrese de que mw_state esté marcado antes de llamar a __drm_atomic_helper_connector_reset. • https://git.kernel.org/stable/c/8cbc5caf36ef7a299b5cbedf55f27fd898d700bf https://git.kernel.org/stable/c/b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818 https://git.kernel.org/stable/c/565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c https://git.kernel.org/stable/c/a5fa5b40a278a3ca978fed64707bd27614adb1eb https://git.kernel.org/stable/c/3e54d4e95120641216dfe91a6c49f116a9f68490 https://git.kernel.org/stable/c/e4b52d49383306ef73fd1bd9102538beebb0fe07 https://git.kernel.org/stable/c/335cc45ef2b81b68be63c698b4f867a530bdf7a5 https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725 •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: requiere CAP_NET_ADMIN para adjuntar el ldisc N_GSM0710. Cualquier usuario sin privilegios puede adjuntar el ldisc N_GSM0710, pero de todos modos requiere CAP_NET_ADMIN para crear una red GSM. Requiere el espacio de nombres inicial CAP_NET_ADMIN para hacer eso. • https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58 https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167 https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024&# • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: corrige slab-use-after-free en l2cap_connect() Amplia una sección crítica para evitar que chan se libere anticipadamente. También anule el tipo de retorno l2cap_connect(). Nada utiliza el valor devuelto, pero es feo devolver un puntero potencialmente liberado. • https://git.kernel.org/stable/c/73ffa904b78287f6acf8797e040150aa26a4af4a https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5 https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6 https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658 http://www.openwall.com/lists/oss-security/2024/05/30/1 http://www.openwall.com/lists/oss-security/2024/05/30/2 • CWE-416: Use After Free •