Page 447 of 2969 results (0.010 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by copying the data into the clone bio first and then encrypt them inside the clone bio. This may reduce performance, but it is needed to prevent the user from corrupting the device by writing data with O_DIRECT and modifying them at the same time. [1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/ En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: dm-crypt: no modifica los datos cuando se utiliza cifrado autenticado Se dijo que el cifrado autenticado podría producir etiquetas no válidas cuando se modifican los datos que se están cifrando [1]. Entonces, solucione este problema copiando primero los datos en la biografía del clon y luego cifrándolos dentro de la biografía del clon. Esto puede reducir el rendimiento, pero es necesario para evitar que el usuario dañe el dispositivo escribiendo datos con O_DIRECT y modificándolos al mismo tiempo. [1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/ • https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90 https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529 https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6 https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75 https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857 https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b8047828 •

CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed with are system physical addresses (SPA). During HDM decoder setup, the DVSEC CXL range registers (cxl-3.1, 8.1.3.8) are checked if the memory is enabled and the CXL range is in a HPA window that is described in a CFMWS structure of the CXL host bridge (cxl-3.1, 9.18.1.3). Now, if the HPA is not an SPA, the CXL range does not match a CFMWS window and the CXL memory range will be disabled then. The HDM decoder stops working which causes system memory being disabled and further a system hang during HDM decoder initialization, typically when a CXL enabled kernel boots. Prevent a system hang and do not disable the HDM decoder if the decoder's CXL range is not found in a CFMWS window. Note the change only fixes a hardware hang, but does not implement HPA/SPA translation. Support for this can be added in a follow on patch series. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cxl/pci: corrige la desactivación de la memoria si el rango DVSEC CXL no coincide con una ventana CFMWS. El subSYSTEM Linux CXL se basa en el supuesto de que HPA == SPA. • https://git.kernel.org/stable/c/34e37b4c432cd0f1842b352fde4b8878b4166888 https://git.kernel.org/stable/c/031217128990d7f0ab8c46db1afb3cf1e075fd29 https://git.kernel.org/stable/c/2cc1a530ab31c65b52daf3cb5d0883c8b614ea69 https://git.kernel.org/stable/c/3a3181a71935774bda2398451256d7441426420b https://git.kernel.org/stable/c/0cab687205986491302cd2e440ef1d253031c221 https://access.redhat.com/security/cve/CVE-2024-26761 https://bugzilla.redhat.com/show_bug.cgi?id=2273200 • CWE-20: Improper Input Validation •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). That is not done properly for the error case, hitting WARN and NULL pointer dereference in bio_free(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: target: pscsi: corrige bio_put() para el caso de error A partir del commit 066ff571011d ("bloque: convierte bio_kmalloc en un contenedor kmalloc simple"), una biografía asignada por bio_kmalloc() debe ser liberado por bio_uninit() y kfree(). Esto no se hace correctamente en el caso de error, al presionar WARN y desreferenciar el puntero NULL en bio_free(). • https://git.kernel.org/stable/c/066ff571011d8416e903d3d4f1f41e0b5eb91e1d https://git.kernel.org/stable/c/f49b20fd0134da84a6bd8108f9e73c077b7d6231 https://git.kernel.org/stable/c/4ebc079f0c7dcda1270843ab0f38ab4edb8f7921 https://git.kernel.org/stable/c/1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec https://git.kernel.org/stable/c/de959094eb2197636f7c803af0943cb9d3b35804 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page() do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B> swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt> <finished swapin first> ... set_pte_at() swap_free() <- entry is free <write to page B, now page A stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! • https://git.kernel.org/stable/c/0bcac06f27d7528591c27ac2b093ccd71c5d0168 https://git.kernel.org/stable/c/2dedda77d4493f3e92e414b272bfa60f1f51ed95 https://git.kernel.org/stable/c/305152314df82b22cf9b181f3dc5fc411002079a https://git.kernel.org/stable/c/d183a4631acfc7af955c02a02e739cec15f5234d https://git.kernel.org/stable/c/13ddaf26be324a7f951891ecd9ccd04466d27458 https://access.redhat.com/security/cve/CVE-2024-26759 https://bugzilla.redhat.com/show_bug.cgi?id=2273204 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in md_check_recovery() mddev_suspend() never stop sync_thread, hence it doesn't make sense to ignore suspended array in md_check_recovery(), which might cause sync_thread can't be unregistered. After commit f52f5c71f3d4 ("md: fix stopping sync thread"), following hang can be triggered by test shell/integrity-caching.sh: 1) suspend the array: raid_postsuspend mddev_suspend 2) stop the array: raid_dtr md_stop __md_stop_writes stop_sync_thread set_bit(MD_RECOVERY_INTR, &mddev->recovery); md_wakeup_thread_directly(mddev->sync_thread); wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery)) 3) sync thread done: md_do_sync set_bit(MD_RECOVERY_DONE, &mddev->recovery); md_wakeup_thread(mddev->thread); 4) daemon thread can't unregister sync thread: md_check_recovery if (mddev->suspended) return; -> return directly md_read_sync_thread clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery); -> MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang; This problem is not just related to dm-raid, fix it by ignoring suspended array in md_check_recovery(). And follow up patches will improve dm-raid better to frozen sync thread during suspend. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md: No ignorar la matriz suspendida en md_check_recovery() mddev_suspend() nunca detiene sync_thread, por lo tanto, no tiene sentido ignorar la matriz suspendida en md_check_recovery(), lo que podría causar sync_thread no se puede cancelar el registro. Después de commit f52f5c71f3d4 ("md: arreglar la detención del hilo de sincronización"), el siguiente bloqueo se puede activar mediante test shell/integrity-caching.sh: 1) suspender la matriz: raid_postsuspend mddev_suspend 2) detener la matriz: raid_dtr md_stop __md_stop_writes stop_sync_thread set_bit(MD_RECOVERY_INTR , &amp;mddev-&gt;recuperación); md_wakeup_thread_directly(mddev-&gt;sync_thread); wait_event(..., ! • https://git.kernel.org/stable/c/68866e425be2ef2664aa5c691bb3ab789736acf5 https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0 https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757 https://access.redhat.com/security/cve/CVE-2024-26758 https://bugzilla.redhat.com/show_bug.cgi?id=2273206 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index •