
CVSS: 6.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt

In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb is dereferenced to bump a 'hw' performance counter. This is wrong because if the completer task is already running in a separate thread it may have already processed the skb and freed it which can cause a seg fault. This has been observed infrequently in testing at high scale. This patch fixes this by changing the order of enqueuing the packet until after the counter is accessed.

References:
https://git.kernel.org/stable/c/0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0
https://git.kernel.org/stable/c/c91fb72a2ca6480d8d77262eef52dc5b178463a3
https://git.kernel.org/stable/c/de5a059e36657442b5637cc16df5163e435b9cb4
https://git.kernel.org/stable/c/e0e14dd35d4242340c7346aac60c7ff8fbf87ffc
https://git.kernel.org/stable/c/faa8d0ecf6c9c7c2ace3ca3e552180ada6f75e19
https://git.kernel.org/stable/c/21b4c6d4d89030fd4657a8e7c8110fd941049794
https://git.kernel.org/stable/c/bbad88f111a1829f366c189aa48e7e58e57553fc
https://git.kernel.org/stable/c/30df4bef8b8e183333e9b6e9d4509d552

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure

The kcalloc() in dmirror_device_evict_chunk() will return null if the physical memory has run out. As a result, if src_pfns or dst_pfns is dereferenced, the null pointer dereference bug will happen. Moreover, the device is going away. If the kcalloc() fails, the pages mapping a chunk could not be evicted. So add a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, switch kcalloc() to kvcalloc() in order to avoid failing allocations.

References:
https://git.kernel.org/stable/c/b2ef9f5a5cb37643ca5def3516c546457074b882
https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64
https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33
https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7
https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc
https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3
https://access.redhat.com/security/cve/CVE-2024-38543
https://bugzilla.redhat.com/show_bug.cgi?id=2293456

CWE-476: NULL Pointer Dereference

CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana_ib: boundary check before installing cq callbacks

Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.

References:
https://git.kernel.org/stable/c/cf9cc859d6ff37ce52c09dfbb169b9ee25595a3f
https://git.kernel.org/stable/c/2a31c5a7e0d87959a03e846523013c75f4395a91
https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8
https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977
https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

of: module: add buffer overflow check in of_modalias()

In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).

A buffer overflow flaw was found in of_modalias() in the Linux kernel, occurring after the first snprintf() call.

References:
https://git.kernel.org/stable/c/bc575064d688c8933a6ca51429bea9bc63628d3b
https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6
https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e
https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a
https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252
https://access.redhat.com/security/cve/CVE-2024-38541
https://bugzilla.redhat.com/show_bug.cgi?id=2293458

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121: Stack-based Buffer Overflow

CVSS: 4.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called. roundup_pow_of_two is documented as undefined for 0. Fix it in the one caller that had this combination.

The undefined behavior was detected by UBSAN:

  UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
  shift exponent 64 is too large for 64-bit type 'long unsigned int'
  CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4
  Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023
  Call Trace:
   <TASK>
   dump_stack_lvl+0x5d/0x80
   ubsan_epilogue+0x5/0x30
   __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec
   __roundup_pow_of_two+0x25/0x35 [bnxt_re]
   bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]
   bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]
   bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]
   ? srso_alias_return_thunk+0x5/0xfbef5
   ? srso_alias_return_thunk+0x5/0xfbef5
   ?

References:
https://git.kernel.org/stable/c/0c4dcd602817502bb3dced7a834a13ef717d65a4
https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98
https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc
https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753
https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659
https://access.redhat.com/security/cve/CVE-2024-38540
https://bugzilla.redhat.com/show_bug.cgi?id=2293459

CWE-125: Out-of-bounds Read