Page 426 of 3105 results (0.007 seconds)

CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwmon: (coretemp) Arreglar el acceso a memoria fuera de los límites Arreglar un error que pdata->cpu_map[] está configurado antes de la verificación de los límites. El problema podría surgir en sistemas con más de 128 núcleos por paquete. • https://git.kernel.org/stable/c/4f9dcadc55c21b39b072bb0882362c7edc4340bc https://git.kernel.org/stable/c/c00cdfc9bd767ee743ad3a4054de17aeb0afcbca https://git.kernel.org/stable/c/d9f0159da05df869071164edf0c6d7302efc5eca https://git.kernel.org/stable/c/30cf0dee372baf9b515f2d9c7218f905fddf3cdb https://git.kernel.org/stable/c/7108b80a542b9d65e44b36d64a700a83658c0b73 https://git.kernel.org/stable/c/d1de8e1ae924d9dc31548676e4a665b52ebee27e https://git.kernel.org/stable/c/93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a https://git.kernel.org/stable/c/1eb74c00c9c3b13cb65e508c5d5a2f11a • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] ... RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 ... Call Trace: <TASK> tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646 tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089 genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972 genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline] genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367 netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b The cause of this issue is that when tipc_nl_bearer_add() is called with the TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called even if the bearer is not UDP. tipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that the media_ptr field of the tipc_bearer has an udp_bearer type object, so the function goes crazy for non-UDP bearers. This patch fixes the issue by checking the bearer type before calling tipc_udp_nl_bearer_add() in tipc_nl_bearer_add(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tipc: verifique el tipo de portador antes de llamar a tipc_udp_nl_bearer_add() syzbot informó la siguiente falla de protección general [1]: falla de protección general, probablemente para la dirección no canónica 0xdffffc0000000010: 0000 [#1 ] PREEMPT SMP KASAN KASAN: null-ptr-deref en el rango [0x00000000000000080-0x0000000000000087] ... RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 ... Seguimiento de llamadas: tipc_udp_ nl_bearer_add+ 0x212/0x2f0 net/tipc/udp_media.c:646 tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089 genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972 genl_family_rcv_msg net/netlink/genetlink. c:1052 [en línea] genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/ af_netlink.c:1341 [en línea] netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367 netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:730 [en línea] __sock_sendmsg+0xd 5 /0x180 net/socket.c:745 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667 do_syscall_x 64 arco/x86/ Entry/common.c:52 [en línea] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b La causa de este problema es que cuando se llama a tipc_nl_bearer_add() con el atributo TIPC_NLA_BEARER_UDP_OPTS, tipc_udp_nl_bear er_añadir () se llama incluso si el portador no es UDP. tipc_udp_is_known_peer() llamado por tipc_udp_nl_bearer_add() supone que el campo media_ptr de tipc_bearer tiene un objeto de tipo udp_bearer, por lo que la función se vuelve loca para los portadores que no son UDP. Este parche soluciona el problema al verificar el tipo de portador antes de llamar a tipc_udp_nl_bearer_add() en tipc_nl_bearer_add(). • https://git.kernel.org/stable/c/ef20cd4dd1633987bcf46ac34ace2c8af212361f https://git.kernel.org/stable/c/24ec8f0da93b8a9fba11600be8a90f0d73fb46f1 https://git.kernel.org/stable/c/6f70f0b412458c622a12d4292782c8e92e210c2f https://git.kernel.org/stable/c/19d7314f2fb9515bdaac9829d4d8eb34edd1fe95 https://git.kernel.org/stable/c/c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12 https://git.kernel.org/stable/c/3d3a5b31b43515b5752ff282702ca546ec3e48b6 https://git.kernel.org/stable/c/888e3524be87f3df9fa3c083484e4b62b3e3bb59 https://git.kernel.org/stable/c/0cd331dfd6023640c9669d0592bc0fd49 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' 'panel_cntl' structure used to control the display panel could be null, dereferencing it could lead to a null pointer access. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: la solución 'panel_cntl' podría ser nula en 'dcn21_set_backlight_level()'. La estructura 'panel_cntl' utilizada para controlar el panel de visualización podría ser nula, desreferenciarla podría conducir a un acceso de puntero nulo. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 Error de dcn21_set_backlight_level(): previamente asumimos que 'panel_cntl' podría ser nulo (consulte la línea 250) • https://git.kernel.org/stable/c/474ac4a875ca6fea3fc5183d3ad22ef7523dca53 https://git.kernel.org/stable/c/2e150ccea13129eb048679114808eb9770443e4d https://git.kernel.org/stable/c/0c863cab0e9173f8b6c7bc328bee3b8625f131b5 https://git.kernel.org/stable/c/e96fddb32931d007db12b1fce9b5e8e4c080401b https://access.redhat.com/security/cve/CVE-2024-26662 https://bugzilla.redhat.com/show_bug.cgi?id=2272786 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" pipe_ctx->stream_res.tg could be NULL, it is relying on the caller to ensure the tg is not NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: agregue prueba NULL para 'generador de sincronización' en 'dcn21_set_pipe()' en "u32 otg_inst = pipe_ctx-&gt;stream_res.tg-&gt;inst;" pipe_ctx-&gt;stream_res.tg podría ser NULL, depende de la persona que llama garantizar que el tg no sea NULL. A NULL pointer dereference flaw was found in the Linux kernel in dcn21_set_pipe(). This issue may lead to a crash. • https://git.kernel.org/stable/c/474ac4a875ca6fea3fc5183d3ad22ef7523dca53 https://git.kernel.org/stable/c/3f3c237a706580326d3b7a1b97697e5031ca4667 https://git.kernel.org/stable/c/39f24c08363af1cd945abad84e3c87fd3e3c845a https://git.kernel.org/stable/c/66951d98d9bf45ba25acf37fe0747253fafdf298 https://access.redhat.com/security/cve/CVE-2024-26661 https://bugzilla.redhat.com/show_bug.cgi?id=2272784 • CWE-476: NULL Pointer Dereference •

CVSS: 4.1EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes such assumption and releases the TD, allowing the remaining TRBs to be freed or overwritten by new TDs. The xHC should also report completion of the final TRB due to its IOC flag being set by us, regardless of prior errors. This event cannot be recognized if the TD has already been freed earlier, resulting in "Transfer event TRB DMA ptr not part of current TD" error message. Fix this by reusing the logic for processing isoc Transaction Errors. This also handles hosts which fail to report the final completion. Fix transfer length reporting on Babble errors. They may be caused by device malfunction, no guarantee that the buffer has been filled. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xhci: maneja correctamente los eventos isoc Babble y Buffer Overrun xHCI 4.9 prohíbe explícitamente suponer que xHC ha liberado su propiedad de un TD multi-TRB cuando informa un error en uno de los primeros TRB. • https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e https://git.kernel.org/stable/c/2aa7bcfdbb46241c701811bbc0d64d7884e3346c https://git.kernel.org/stable/c/2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3 https://git.kernel.org/stable/c/f5e7ffa9269a448a720e21f1ed1384d118298c97 https://git.kernel.org/stable/c/418456c0ce56209610523f21734c5612ee634134 https://git.kernel.org/stable/c/7c4650ded49e5b88929ecbbb631efb8b0838e811 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://access.redhat.com/security/cve/CVE-2024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •