Page 401 of 20860 results (0.021 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. ... This issue is made evident by the following KASAN report (trimmed): ========... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. ... • https://git.kernel.org/stable/c/ca3cda6fcf1e922213a0cc58e708ffb999151db3 •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource fields. In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_t... • https://git.kernel.org/stable/c/bc63dedb7d46a7d690c6b6edf69136b88af06cc6 •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_releas... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path() If smb2_set_path_attr() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() again as the reference of @cfile was already dropped by previous smb2_compound_op() call. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path() If smb2_set_path_attr() is called w... • https://git.kernel.org/stable/c/1e60bc0e954389af82f1d9a85f13a63f6572350f •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue. ... __pfx_io_wq_worker+0x10/0x10 ret_from_fork_asm+0x1a/0x30 In the Linux kernel, the following vulnerability has been resolved: ublk_drv:... • https://git.kernel.org/stable/c/c732a852b419fa057b53657e2daaf9433940391c •

CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the other is doing fsync, we have a race where we can end up either: 1) Attempt a fsync without holding the inode's lock, triggering an assertion failures when assertions are enabled; 2) Do an invalid memory access from the fsync task because the file private... • https://git.kernel.org/stable/c/4e17707035a65f6e5b2a4d987a308cf8ed8c5ad1 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

18 Sep 2024 — This results in failures at the unmount stage of the test that look like: BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672 ------------[ cut here ]------------ WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs] Modules linked in: btrfs blake2b_generic libcrc32c... • https://git.kernel.org/stable/c/159f0f61b283ea71e827dd0c18c5dce197de1fa2 •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments Supraja Sridhara, Benedict Schlüter, Mark... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0

18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. • https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376 •