Page 358 of 4430 results (0.012 seconds)

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule Validate port value provided by the user and with that remove no longer needed validation by the driver. The missing check in the mlx5_ib driver could cause to the below oops. Call trace: _create_flow_rule+0x2d4/0xf28 [mlx5_ib] mlx5_ib_create_flow+0x2d0/0x5b0 [mlx5_ib] ib_uverbs_ex_create_flow+0x4cc/0x624 [ib_uverbs] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xd4/0x150 [ib_uverbs] ib_uverbs_cmd_verbs.isra.7+0xb28/0xc50 [ib_uverbs] ib_uverbs_ioctl+0x158/0x1d0 [ib_uverbs] do_vfs_ioctl+0xd0/0xaf0 ksys_ioctl+0x84/0xb4 __arm64_sys_ioctl+0x28/0xc4 el0_svc_common.constprop.3+0xa4/0x254 el0_svc_handler+0x84/0xa0 el0_svc+0x10/0x26c Code: b9401260 f9615681 51000400 8b001c20 (f9403c1a) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: RDMA: Verificar puerto al crear regla de flujo. Validar valor de puerto proporcionado por el usuario y con ello eliminar la validación que ya no necesita el controlador. La verificación que falta en el controlador mlx5_ib podría provocar los siguientes errores. Seguimiento de llamadas: _create_flow_rule+0x2d4/0xf28 [mlx5_ib] mlx5_ib_create_flow+0x2d0/0x5b0 [mlx5_ib] ib_uverbs_ex_create_flow+0x4cc/0x624 [ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xd4/0x1 50 [ib_uverbs] ib_uverbs_cmd_verbs.isra.7+0xb28/0xc50 [ib_uverbs] ib_uverbs_ioctl+0x158 /0x1d0 [ib_uverbs] do_vfs_ioctl+0xd0/0xaf0 ksys_ioctl+0x84/0xb4 __arm64_sys_ioctl+0x28/0xc4 el0_svc_common.constprop.3+0xa4/0x254 el0_svc_handler+0x84/0xa0 0x10/0x26c Código: b9401260 f9615681 51000400 8b001c20 (f9403c1a) • https://git.kernel.org/stable/c/436f2ad05a0b65b1467ddf51bc68171c381bf844 https://git.kernel.org/stable/c/8dc1b0e0ca204596c50bcd159ee069ae0f998176 https://git.kernel.org/stable/c/2adcb4c5a52a2623cd2b43efa7041e74d19f3a5e •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix Null-point-dereference in fmt_single_name() Check the return value of devm_kstrdup() in case of Null-point-dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: core: corrige la desreferencia de punto nulo en fmt_single_name(). Verifique el valor de retorno de devm_kstrdup() en caso de dereferencia de punto nulo. • https://git.kernel.org/stable/c/45dd9943fce08f1b38352ff9453682253bdf19b7 https://git.kernel.org/stable/c/0e2c9aeb00289f279b8181fbd4c20765127d8943 https://git.kernel.org/stable/c/047fd16015a79180771650aa6ce71f68b2c23368 https://git.kernel.org/stable/c/41daf6ba594d55f201c50280ebcd430590441da1 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1) which is not right, and this was caught by below usban check UBSAN: shift-out-of-bounds in drivers/gpio/gpio-wcd934x.c:34:14 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: gpio: wcd934x: corrección de error de desplazamiento fuera de los límites. La máscara de bits para los pines 0 a 4 es BIT(0) a BIT(4); sin embargo, terminamos con BIT( n - 1) lo cual no es correcto, y esto fue detectado por la siguiente verificación USB UBSAN: shift-out-of-bounds in drivers/gpio/gpio-wcd934x.c:34:14 • https://git.kernel.org/stable/c/59c324683400b41caa6d85b091e812ee3d5415c3 https://git.kernel.org/stable/c/e0b518a2eb44d8a74c19e50f79a8ed393e96d634 https://git.kernel.org/stable/c/dd55331d493b7ea75c5db1f24d6822946fde2862 https://git.kernel.org/stable/c/dbec64b11c65d74f31427e2b9d5746fbf17bf840 •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complete copy is necessary to ensure that the tracepoint can't outlive the data/memory it consumes and deference stale memory. Because the tracepoint itself is defined by kvm, if kvm-intel and/or kvm-amd are built as modules, the memory holding the string literals defined by the vendor modules will be freed when the module is unloaded, whereas the tracepoint and its data in the ring buffer will live until kvm is unloaded (or "indefinitely" if kvm is built-in). This bug has existed since the tracepoint was added, but was recently exposed by a new check in tracing to detect exactly this type of bug. fmt: '%s%s ' current_buffer: ' vmx_dirty_log_t-140127 [003] .... kvm_nested_vmenter_failed: ' WARNING: CPU: 3 PID: 140134 at kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0 CPU: 3 PID: 140134 Comm: less Not tainted 5.13.0-rc1-ce2e73ce600a-req #184 Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014 RIP: 0010:trace_check_vprintf+0x3be/0x3e0 Code: <0f> 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20 RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffa895cc37bd08 RCX: 0000000000000027 RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8 RBP: ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8 R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc0a041d4 R13: ffffffffc0f4dba8 R14: 0000000000000000 R15: ffff976409f2c000 FS: 00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0 Call Trace: trace_event_printf+0x5e/0x80 trace_raw_output_kvm_nested_vmenter_failed+0x3a/0x60 [kvm] print_trace_line+0x1dd/0x4e0 s_show+0x45/0x150 seq_read_iter+0x2d5/0x4c0 seq_read+0x106/0x150 vfs_read+0x98/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x40/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Garantizar la vivacidad de la VM anidada. Ingrese el mensaje de punto de seguimiento de falla. Utilice la maquinaria __string() proporcionada por el subsistema de seguimiento para hacer una copia de los literales de cadena consumidos por los puntos de seguimiento "nested VM-Enter failed". • https://git.kernel.org/stable/c/380e0055bc7e4a5c687436ba3ccebb4667836b95 https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888 https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275 https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments buffer cq->buf, or the temporary cq->resize_buf that is filled during CQ resize operation. However, the offending commit started to use function get_cqe() for getting the CQEs, the issue with this change is that get_cqe() always returns CQEs from cq->buf, which leads us to initialize the wrong buffer, and in case of enlarging the CQ we try to access elements beyond the size of the current cq->buf and eventually hit a kernel panic. [exception RIP: init_cq_frag_buf+103] [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib] [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core] [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt] [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt] [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt] [ffff9f799ddcbec8] kthread at ffffffffa66c5da1 [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd Fix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that takes the correct source buffer as a parameter. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/mlx5: Corrección al inicializar el búfer de fragmentos CQ. Se puede llamar a la función init_cq_frag_buf() para inicializar el búfer de fragmentos CQ actual cq-&gt;buf, o el cq-&gt;resize_buf temporal que es rellenado durante la operación de cambio de tamaño de CQ. Sin embargo, la confirmación infractora comenzó a usar la función get_cqe() para obtener los CQE, el problema con este cambio es que get_cqe() siempre devuelve CQE desde cq-&gt;buf, lo que nos lleva a inicializar el búfer incorrecto y, en caso de ampliarlo, En el CQ intentamos acceder a elementos más allá del tamaño del cq-&gt;buf actual y finalmente entramos en pánico en el kernel. [excepción RIP: init_cq_frag_buf+103] [ffff9f799ddcbcd8] mlx5_ib_resize_cq en fffffffc0835d60 [mlx5_ib] [ffff9f799ddcbdb0] ib_resize_cq en fffffffc05270df [ib_core] [ffff9f799ddcbdc0] _rdma_setup_qp en ffffffffc0a6a712 [llt] [ffff9f799ddcbe10] llt_rdma_cc_event_action en ffffffffc0a6b411 [llt] [ffff9f799ddcbe98] llt_rdma_client_conn_thread en ffffffffc0a6bb75 [llt] [ffff9f799ddcbec8] kthread en ffffffffa66c5da1 [ffff9f799ddcbf50] ret_from_fork_nospec_begin en ffffffffa6d95ddd Arréglelo obteniendo el CQE necesario llamando a mlx5_frag_buf_get_wqe() que toma el búfer de origen correcto como parámetro. • https://git.kernel.org/stable/c/388ca8be00370db132464e27f745b8a0add19fcb https://git.kernel.org/stable/c/1ec2dcd680c71d0d36fa25638b327a468babd5c9 https://git.kernel.org/stable/c/e3ecd9c09fcc10cf6b2bc67e2990c397c40a8c26 https://git.kernel.org/stable/c/91f7fdc4cc10542ca1045c06aad23365f0d067e0 https://git.kernel.org/stable/c/3e670c54eda238cb8a1ea93538a79ae89285c1c4 https://git.kernel.org/stable/c/2ba0aa2feebda680ecfc3c552e867cf4d1b05a3a •