Page 357 of 6205 results (0.010 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014 Workqueue: events netlink_sock_destruct_work RIP: 0010:klist_iter_exit+0x26/0x80 Call Trace: <TASK> class_dev_iter_exit+0x15/0x20 nfc_genl_dump_devices_done+0x3b/0x50 genl_lock_done+0x84/0xd0 netlink_sock_destruct+0x8f/0x270 __sk_destruct+0x64/0x3b0 sk_destruct+0xa8/0xd0 __sk_free+0x2e8/0x3d0 sk_free+0x51/0x90 netlink_sock_destruct_work+0x1c/0x20 process_one_work+0x411/0x710 worker_thread+0x6fd/0xa80 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: corrige el error de segmentación en nfc_genl_dump_devices_done Cuando falla kmalloc en nfc_genl_dump_devices(), entonces el error de segmentación de nfc_genl_dump_devices_done() se muestra a continuación KASAN: null-ptr-deref en el rango [0x0000000000000008-0x00 0000000000000f] CPU: 0 PID : 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Nombre del hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/ 2014 Cola de trabajo: eventos netlink_sock_destruct_work RIP: 0010:klist_iter_exit+0x26/0x80 Seguimiento de llamadas: class_dev_iter_exit+0x15/0x20 nfc_genl_dump_devices_done+0x3b/0x50 genl_lock_done+0x84/0xd0 estructura+0x8f/0x270 __sk_destruct+0x64/0x3b0 sk_destruct+0xa8/0xd0 __sk_free+0x2e8/0x3d0 sk_free+0x51/0x90 netlink_sock_destruct_work+0x1c/0x20 Process_one_work+0x411/0x710 trabajador_thread+0x6fd/0xa80 • https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34 https://git.kernel.org/stable/c/214af18abbe39db05beb305b2d11e87d09a6529c https://git.kernel.org/stable/c/6644989642844de830f9b072cd65c553cb55946c https://git.kernel.org/stable/c/2a8845b9603c545fddd17862282dc4c4ce0971e3 https://git.kernel.org/stable/c/d731ecc6f2eaec68f4ad1542283bbc7d07bd0112 https://git.kernel.org/stable/c/c602863ad28ec86794cb4ab4edea5324f555f181 https://git.kernel.org/stable/c/d89e4211b51752daf063d638af50abed2fd5f96d https://git.kernel.org/stable/c/fd79a0cbf0b2e34bcc45b13acf962e203 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: mac80211: validate extended element ID is present Before attempting to parse an extended element, verify that the extended element ID is present. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mac80211: validar que el ID del elemento extendido esté presente Antes de intentar analizar un elemento extendido, verifique que el ID del elemento extendido esté presente. • https://git.kernel.org/stable/c/41cbb0f5a29592874355e4159489eb08337cd50e https://git.kernel.org/stable/c/03029bb044ccee60adbc93e70713f3ae58abc3a1 https://git.kernel.org/stable/c/a19cf6844b509d44ecbd536f33d314d91ecdd2b5 https://git.kernel.org/stable/c/7fd214fc7f2ee3a89f91e717e3cfad55f5a27045 https://git.kernel.org/stable/c/c62b16f98688ae7bc0ab23a6490481f4ce9b3a49 https://git.kernel.org/stable/c/768c0b19b50665e337c96858aa2b7928d6dcf756 •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null ptr access msm_ioctl_gem_submit() Fix the below null pointer dereference in msm_ioctl_gem_submit(): 26545.260705: Call trace: 26545.263223: kref_put+0x1c/0x60 26545.266452: msm_ioctl_gem_submit+0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.291025: do_el0_svc_compat+0x28/0x54 26545.295066: el0_svc_compat+0x10/0x1c 26545.298838: el0_sync_compat_handler+0xa8/0xcc 26545.303403: el0_sync_compat+0x188/0x1c0 26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008) 26545.318799: Kernel panic - not syncing: Oops: Fatal exception En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm: corrige el acceso ptr nulo msm_ioctl_gem_submit() Corrige la siguiente desreferencia del puntero nulo en msm_ioctl_gem_submit(): 26545.260705: Rastreo de llamadas: 26545.263223: kref_put+0x1c/0x60 26545.266452 msm: _ioctl_gem_submit+ 0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 : __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.291025: do_el0_svc_compat+0x28/0x54 26545.295066: 0 /0x1c 26545.298838: el0_sync_compat_handler+0xa8/0xcc 26545.303403: el0_sync_compat+0x188/0x1c0 26545.307445: Código: d503201f d503201f 52800028 4b0803e8 680008) 26545.318799: Pánico del kernel: no se sincroniza: Ups: excepción fatal • https://git.kernel.org/stable/c/f6db3d98f876870c35e96693cfd54752f6199e59 https://git.kernel.org/stable/c/26d776fd0f79f093a5d0ce1a4c7c7a992bc3264c •

CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scpi: corrige el desbordamiento de cadena en el controlador SCPI genpd. Sin las comprobaciones vinculadas para scpi_pd-&gt;name, podría provocar un desbordamiento del búfer al copiar el nombre del dispositivo SCPI del dispositivo correspondiente. El nodo del árbol como cadena de nombre se establece en un tamaño máximo de 30. Arreglemoslo usando devm_kasprintf para que el búfer de cadena se asigne dinámicamente. • https://git.kernel.org/stable/c/8bec4337ad4023b26de35d3b0c3a3b2735ffc5c7 https://git.kernel.org/stable/c/639901b9429a3195e0fead981ed74b51f5f31538 https://git.kernel.org/stable/c/4694b1ec425a2d20d6f8ca3db594829fdf5f2672 https://git.kernel.org/stable/c/7e8645ca2c0046f7cd2f0f7d569fc036c8abaedb https://git.kernel.org/stable/c/802a1a8501563714a5fe8824f4ed27fec04a0719 https://git.kernel.org/stable/c/f0f484714f35d24ffa0ecb4afe3df1c5b225411d https://git.kernel.org/stable/c/976389cbb16cee46847e5d06250a3a0b5506781e https://git.kernel.org/stable/c/865ed67ab955428b9aa771d8b4f1e4fb7 • CWE-787: Out-of-bounds Write •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 ("bpf: Propagate stack bounds to registers in atomics w/ BPF_FETCH") around check_mem_access() handling is buggy since this would allow for unprivileged users to leak kernel pointers. For example, an atomic fetch/and with -1 on a stack destination which holds a spilled pointer will migrate the spilled register type into a scalar, which can then be exported out of the program (since scalar != pointer) by dumping it into a map value. The original implementation of XADD was preventing this situation by using a double call to check_mem_access() one with BPF_READ and a subsequent one with BPF_WRITE, in both cases passing -1 as a placeholder value instead of register as per XADD semantics since it didn't contain a value fetch. The BPF_READ also included a check in check_stack_read_fixed_off() which rejects the program if the stack slot is of __is_pointer_value() if dst_regno < 0. The latter is to distinguish whether we're dealing with a regular stack spill/ fill or some arithmetical operation which is disallowed on non-scalars, see also 6e7e63cbb023 ("bpf: Forbid XADD on spilled pointers for unprivileged users") for more context on check_mem_access() and its handling of placeholder value -1. One minimally intrusive option to fix the leak is for the BPF_FETCH case to initially check the BPF_READ case via check_mem_access() with -1 as register, followed by the actual load case with non-negative load_reg to propagate stack bounds to registers. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf: corrige la fuga de la dirección del kernel en la recuperación atómica. • https://git.kernel.org/stable/c/37086bfdc737ea6f66bf68dcf16757004d68e1e1 https://git.kernel.org/stable/c/423628125a484538111c2c6d9bb1588eb086053b https://git.kernel.org/stable/c/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 •