Page 4 of 3017 results (0.003 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

02 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. • https://git.kernel.org/stable/c/7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8a •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncate_node() syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534 Call Trace: truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909 f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288 f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856 evict+0x4e8/0x9b0 fs/inode.c:723 f2fs_h... • https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal t... • https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corrupti... • https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af •

CVSS: 9.7EPSS: 0%CPEs: 2EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it. This fix adds a conditional check to ensure that the hpd_source index is w... • https://git.kernel.org/stable/c/f01ddd589e162979421e6914b1c74018633f01e0 •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free. In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_... • https://git.kernel.org/stable/c/71b22837a5e55ac27d6a14b9cdf2326587405c4f •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointe... • https://git.kernel.org/stable/c/f6ad641646b67f29c7578dcd6c25813c7dcbf51e •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free. Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc(). In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM:... • https://git.kernel.org/stable/c/ac3eaac4cf142a15fe67be747a682b1416efeb6e •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later. In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees ... • https://git.kernel.org/stable/c/884ae8bcee749be43a071d6ed2d89058dbd2425c •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free. Clear the sk pointer in the sock object on error. In the Linux kernel, the following vulnerability has been resolved: net: iee... • https://git.kernel.org/stable/c/1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9 •