Page 36 of 7754 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. [1] ============================= WARNING: suspicious RCU usage 6.12.0-rc5-virtme #1216 Tainted: G W ----------------------------- net/core/dev.c:876 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_sch... • https://git.kernel.org/stable/c/6fe1e52490a91cb23f6b3aafc93e7c5beb99f862 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used. This is an issue when using pages from large folios: the get_page() references are stored on the folio page while the page_ref_inc() references are stored directly in the given page. On releas... • https://git.kernel.org/stable/c/84d1bb2b139e0184b1754aa1b5776186b475fce8 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: reparar cacheflush con PAN Parece que la llamada al sistema cacheflush se rompió cuando se implementó PAN para LPAE. El acceso de usuario no estaba habilitado en torn... • https://git.kernel.org/stable/c/7af5b901e84743c608aae90cb0e429702812c324 •

CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, "added just to silence a syzbot sanitizer splat: added where there has never been any practical problem". En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: revert "mm: shmem: fix data-race in shmem... • https://git.kernel.org/stable/c/9fb9703cd43ee20a6de8ccdef991677b7274cec0 •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure traci... • https://git.kernel.org/stable/c/f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the look never finish and cause kernel panic. Also disable runtime to address "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!" En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pmdomain: imx93-blk-ctrl: ruta de eliminación correcta La con... • https://git.kernel.org/stable/c/e9aa77d413c903ba4cf7da3fe0b419cae5b97a81 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state's dml contexts would no longer be valid. Then subsequent calls dc_state_copy_internal would shallow copy invalid memory and if the new state was released, a double free would occur. [How] Reset dml pointers in new_state to NULL and avoid invalid pointer (cherry picked from commit bcafdc61529a48f6f063... • https://git.kernel.org/stable/c/874ff59cde8fc525112dda26b501a1bac17dde9f •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection ... <4> [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] <4> [953.587208] guc_exec_queue_add_msg+0x28/0x130 [xe] <4> [953.587319] guc_exec_queue_fini+0x3a/0x40 [xe] <4> [953.587425] xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> [953.587515] xe_oa_release+0x9c/0xc0 [xe] (cherry pi... • https://git.kernel.org/stable/c/e936f885f1e96f59d9d05fb6cb5a02b9b9b88a05 •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protect... • https://git.kernel.org/stable/c/5305cb830834549b9203ad4d009ad5483c5e293f •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the curr... • https://git.kernel.org/stable/c/5305cb830834549b9203ad4d009ad5483c5e293f •