Page 387 of 2372 results (0.021 seconds)

CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: valide los parámetros de las operaciones de mapeo de bo con mayor claridad. Verifique los parámetros de amdgpu_vm_bo_(map/replace_map/clearing_mappings) en un lugar común. • https://git.kernel.org/stable/c/dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9 https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2 https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284 https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be released. This affects skb fragments reassembled via netfilter or similar modules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline. Eric Dumazet made an initial analysis of this bug. Quoting Eric: Calling ip_defrag() in output path is also implying skb_orphan(), which is buggy because output path relies on sk not disappearing. A relevant old patch about the issue was : 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()") [..] net/ipv4/ip_output.c depends on skb->sk being set, and probably to an inet socket, not an arbitrary one. If we orphan the packet in ipvlan, then downstream things like FQ packet scheduler will not work properly. We need to change ip_defrag() to only use skb_orphan() when really needed, ie whenever frag_list is going to be used. Eric suggested to stash sk in fragment queue and made an initial patch. However there is a problem with this: If skb is refragmented again right after, ip_do_fragment() will copy head->sk to the new fragments, and sets up destructor to sock_wfree. IOW, we have no choice but to fix up sk_wmem accouting to reflect the fully reassembled skb, else wmem will underflow. This change moves the orphan down into the core, to last possible moment. As ip_defrag_offset is aliased with sk_buff->sk member, we must move the offset into the FRAG_CB, else skb->sk gets clobbered. This allows to delay the orphaning long enough to learn if the skb has to be queued or if the skb is completing the reasm queue. In the former case, things work as before, skb is orphaned. This is safe because skb gets queued/stolen and won't continue past reasm engine. In the latter case, we will steal the skb->sk reference, reattach it to the head skb, and fix up wmem accouting when inet_frag inflates truesize. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: inet: inet_defrag: evita la liberación de sk mientras aún está en uso ip_local_out() y otras funciones pueden pasar skb->sk como argumento de función. Si el skb es un fragmento y el reensamblaje ocurre antes de que regrese dicha llamada a la función, el sk no debe liberarse. • https://git.kernel.org/stable/c/7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab https://git.kernel.org/stable/c/1b6de5e6575b56502665c65cf93b0ae6aa0f51ab https://git.kernel.org/stable/c/9705f447bf9a6cd088300ad2c407b5e1c6591091 https://git.kernel.org/stable/c/4318608dc28ef184158b4045896740716bea23f0 https://git.kernel.org/stable/c/7d0567842b78390dd9b60f00f1d8f838d540e325 https://git.kernel.org/stable/c/f4877225313d474659ee53150ccc3d553a978727 https://git.kernel.org/stable/c/e09cbe017311508c21e0739e97198a8388b98981 https://git.kernel.org/stable/c/18685451fc4e546fc0e718580d32df3c0 • CWE-124: Buffer Underwrite ('Buffer Underflow') •

CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger without an error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rastreo/activador: Corrección para devolver error si no se pudo asignar la instantánea. Corrección de Register_snapshot_trigger() para devolver código de error si no se pudo asignar una instantánea en lugar de 0 (éxito). A menos que eso, registrará la activación de la instantánea sin error. • https://git.kernel.org/stable/c/57f2a2ad73e99a7594515848f4da987326a15981 https://git.kernel.org/stable/c/0026e356e51ab3b54322eeb445c75a087ede5b9d https://git.kernel.org/stable/c/0bbe7f719985efd9adb3454679ecef0984cb6800 https://git.kernel.org/stable/c/7c6feb347a4bb1f02e55f6814c93b5f7fab887a8 https://git.kernel.org/stable/c/a289fd864722dcf5363fec66a35965d4964df515 https://git.kernel.org/stable/c/7054f86f268c0d9d62b52a4497dd0e8c10a7e5c7 https://git.kernel.org/stable/c/ffa70d104691aa609a18a9a6692049deb35f431f https://git.kernel.org/stable/c/733c611a758c68894a4480fb999637476 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpi_unregister_interface tries to remove a debugfs directory named after the ulpi device itself. This results in the directory sticking around and preventing subsequent (deferred) probes from succeeding. Change the directory name to match the ulpi device. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb: ulpi: corrige la fuga del directorio debugfs La raíz debugfs por dispositivo ULPI lleva el nombre del dispositivo principal ulpi, pero ulpi_unregister_interface intenta eliminar un directorio debugfs que lleva el nombre del dispositivo ulpi en sí. Esto da como resultado que el directorio permanezca y evite que las pruebas posteriores (diferidas) se realicen correctamente. • https://git.kernel.org/stable/c/bd0a0a024f2a41e7cc8eadb9862f82c45884b69c https://git.kernel.org/stable/c/d31b886ed6a5095214062ee4fb55037eb930adb6 https://git.kernel.org/stable/c/330d22aba17a4d30a56f007d0f51291d7e00862b https://git.kernel.org/stable/c/33713945cc92ea9c4a1a9479d5c1b7acb7fc4df3 https://git.kernel.org/stable/c/3caf2b2ad7334ef35f55b95f3e1b138c6f77b368 https://access.redhat.com/security/cve/CVE-2024-26919 https://bugzilla.redhat.com/show_bug.cgi?id=2275777 •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix active state requirement in PME polling The commit noted in fixes added a bogus requirement that runtime PM managed devices need to be in the RPM_ACTIVE state for PME polling. In fact, only devices in low power states should be polled. However there's still a requirement that the device config space must be accessible, which has implications for both the current state of the polled device and the parent bridge, when present. It's not sufficient to assume the bridge remains in D0 and cases have been observed where the bridge passes the D0 test, but the PM state indicates RPM_SUSPENDING and config space of the polled device becomes inaccessible during pci_pme_wakeup(). Therefore, since the bridge is already effectively required to be in the RPM_ACTIVE state, formalize this in the code and elevate the PM usage count to maintain the state while polling the subordinate device. This resolves a regression reported in the bugzilla below where a Thunderbolt/USB4 hierarchy fails to scan for an attached NVMe endpoint downstream of a bridge in a D3hot power state. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: PCI: corrige el requisito de estado activo en el sondeo de PME. La confirmación observada en las correcciones agregó un requisito falso de que los dispositivos administrados por PM en tiempo de ejecución deben estar en el estado RPM_ACTIVE para el sondeo de PME. • https://git.kernel.org/stable/c/d3fcd7360338358aa0036bec6d2cf0e37a0ca624 https://git.kernel.org/stable/c/63b1a3d9dd3b3f6d67f524e76270e66767090583 https://git.kernel.org/stable/c/a4f12e5cbac2865c151d1e97e36eb24205afb23b https://git.kernel.org/stable/c/41044d5360685e78a869d40a168491a70cdb7e73 •