
CVSS: 4.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Lock external INTx masking ops

Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code.

In particular, irq_type is updated holding igate, therefore testing is_intx() requires holding igate. For example, clearing DisINTx from config space can otherwise race changes of the interrupt configuration.

This aligns interfaces which may trigger the INTx eventfd into two camps, one side serialized by igate and the other only enabled while INTx is configured. A subsequent patch introduces synchronization for the latter flows.

• https://git.kernel.org/stable/c/89e1f7d4c66d85f42c3d52ea3866eb10cadf6153
• https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42
• https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3
• https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6
• https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5
• https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651
• https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40
• https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9

• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: - • EPSS: 0% • CPEs: 8 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: release elements in clone only from destroy path

Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice.

This fix requires:

    212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")

which came after:

    9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").

• https://git.kernel.org/stable/c/4a6430b99f67842617c7208ca55a411e903ba03a
• https://git.kernel.org/stable/c/5ccecafc728b0df48263d5ac198220bcd79830bc
• https://git.kernel.org/stable/c/9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e
• https://git.kernel.org/stable/c/d2b18d110685ce46ca1633b8ec586c685e243a51
• https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144
• https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c
• https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af
• https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae6

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain

Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook list.

A vulnerability was found in the Linux kernel's netfilter subsystem, related to the nft_chain_filter feature. This issue occurs when a NETDEV_UNREGISTER event is reported, which can leave a stale reference to a network device in the ingress basechain. If this issue is not addressed, this stale reference could result in lingering issues with network device handling.

• https://git.kernel.org/stable/c/60a3815da702fd9e4759945f26cce5c47d3967ad
• https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f
• https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58
• https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3
• https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4
• https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee
• https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913
• https://lists.debian.org/debian-lts-announce/2024/06/

• CWE-416: Use After Free

CVSS: - • EPSS: 0% • CPEs: 10 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with:

    struct cqspi_st *cqspi = dev_get_drvdata(dev);
    struct spi_controller *host = dev_get_drvdata(dev);

This obviously cannot be correct, unless "struct cqspi_st" is the first member of "struct spi_controller", or the other way around, but it is not the case.

"struct spi_controller" is allocated by devm_spi_alloc_host(), which allocates an extra amount of memory for private data, used to store "struct cqspi_st". The ->probe() function of the cadence-quadspi driver then sets the device drvdata to store the address of the "struct cqspi_st" structure. Therefore:

    struct cqspi_st *cqspi = dev_get_drvdata(dev);

is correct, but:

    struct spi_controller *host = dev_get_drvdata(dev);

is not, as it makes "host" point not to a "struct spi_controller" but to the same "struct cqspi_st" structure as above.

This obviously leads to bad things (memory corruption, kernel crashes) directly during ->probe(), as ->probe() enables the device using PM runtime, leading to the ->runtime_resume() hook being called, which in turn calls spi_controller_resume() with the wrong pointer.

This has at least been reported [0] to cause a kernel crash, but the exact behavior will depend on the memory contents.

[0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/

This issue potentially affects all platforms that are currently using the cadence-quadspi driver.

spi: cadence-qspi: fix the pointer reference in the runtime PM hooks. dev_get_drvdata() is used to acquire the pointer to both cqspi and the SPI controller. Neither embeds the other; this leads to memory corruption.

• https://git.kernel.org/stable/c/2087e85bb66ee3652dafe732bb9b9b896229eafc
• https://git.kernel.org/stable/c/e3f9fc9a4f1499cc9e1bad4482d377494e367b3d
• https://git.kernel.org/stable/c/6716203844bc8489af5e5564f0fa31e0c094a7ff
• https://git.kernel.org/stable/c/b24f1ecc8fe2ceefc14af02edb1744c246d87bf7
• https://git.kernel.org/stable/c/d453f25faf681799d636fe9d6899ad91c45aa11e
• https://git.kernel.org/stable/c/79acf7fb856eade9c3d0cf00fd34a04bf5c43a1c
• https://git.kernel.org/stable/c/18cb554e9da81bc4eca653c17a0d65e8b5835c09
• https://git.kernel.org/stable/c/1368dbc0a432acf9fc0dcb23bfe52d32c

CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks

The ->runtime_suspend() and ->runtime_resume() callbacks are not expected to call spi_controller_suspend() and spi_controller_resume(). Remove calls to those in the cadence-qspi driver.

Those helpers have two roles currently:
- They stop/start the queue, including dealing with the kworker.
- They toggle the SPI controller SPI_CONTROLLER_SUSPENDED flag. It requires acquiring ctlr->bus_lock_mutex.

Step one is irrelevant because cadence-qspi is not queued. Step two however has two implications:
- A deadlock occurs, because ->runtime_resume() is called in a context where the lock is already taken (in the ->exec_op() callback, where the usage count is incremented).
- It would disallow all operations once the device is auto-suspended.

Here is a brief call tree highlighting the mutex deadlock:

    spi_mem_exec_op()
        ...
        spi_mem_access_start()
            mutex_lock(&ctlr->bus_lock_mutex)

        cqspi_exec_mem_op()
            pm_runtime_resume_and_get()
                cqspi_resume()
                    spi_controller_resume()
                        mutex_lock(&ctlr->bus_lock_mutex)
            ...

        spi_mem_access_end()
            mutex_unlock(&ctlr->bus_lock_mutex)
        ...

• https://git.kernel.org/stable/c/0578a6dbfe7514db7134501cf93acc21cf13e479
• https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365
• https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6