Page 501 of 3521 results (0.023 seconds)

CVSS: -EPSS: 0%CPEs: 10EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use In case the leaf driver wants to use IRQ polling (irq = 0) and IIR register shows that an interrupt happened in the 8250 hardware the IRQ data can be NULL. In such a case we need to skip the wake event as we came to this path from the timer interrupt and quite likely system is already awake. Without this fix we have got an Oops: serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A ... BUG: kernel NULL pointer dereference, address: 0000000000000010 RIP: 0010:serial8250_handle_irq+0x7c/0x240 Call Trace: ? serial8250_handle_irq+0x7c/0x240 ? __pfx_serial8250_timeout+0x10/0x10 • https://git.kernel.org/stable/c/edfe57aedff4ecf3606533aabf8ecf7676c3c5d9 https://git.kernel.org/stable/c/0bd49a043c7984c93c2a0af41222fb71c3986a4e https://git.kernel.org/stable/c/572d48361aa0a6e6f16c1470e5407de183493d0c https://git.kernel.org/stable/c/d5d628fea5f6181809a9d61b04de6ade53277684 https://git.kernel.org/stable/c/424cf29296354d7b9c6c038aaa7bb71782100851 https://git.kernel.org/stable/c/727e92fe13e81c6088a88d83e466b2b1b553c4e3 https://git.kernel.org/stable/c/0ba9e3a13c6adfa99e32b2576d20820ab10ad48a https://git.kernel.org/stable/c/d7c6aa39eb041e2a6a53106104200d11e •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. If the reference count hits 0 and its owner page gets unlocked, bh may be freed. However, bh->b_page is dereferenced to put the page after that, which may result in a use-after-free bug. This patch moves the release operation after unlocking and putting the page. NOTE: The function in question is only called in GC, and in combination with current userland tools, address translation using DAT does not occur in that function, so the code path that causes this issue will not be executed. However, it is possible to run that code path by intentionally modifying the userland GC library or by calling the GC ioctl directly. [konishi.ryusuke@gmail.com: NOTE added to the commit log] • https://git.kernel.org/stable/c/a3d93f709e893187d301aa5458b2248db9f22bd1 https://git.kernel.org/stable/c/fb1084e63ee56958b0a56e17a50a4fd86445b9c1 https://git.kernel.org/stable/c/bb61224f6abc8e71bfdf06d7c984e23460875f5b https://git.kernel.org/stable/c/193b5a1c6c67c36b430989dc063fe7ea4e200a33 https://git.kernel.org/stable/c/7130a87ca32396eb9bf48b71a2d42259ae44c6c7 https://git.kernel.org/stable/c/3936e8714907cd55e37c7cc50e50229e4a9042e8 https://git.kernel.org/stable/c/980663f1d189eedafd18d80053d9cf3e2ceb5c8c https://git.kernel.org/stable/c/28df4646ad8b433340772edc90ca709cd •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The commit above is reverted as it did not solve the original issue. gsm_cleanup_mux() tries to free up the virtual ttys by calling gsm_dlci_release() for each available DLCI. There, dlci_put() is called to decrease the reference counter for the DLCI via tty_port_put() which finally calls gsm_dlci_free(). This already clears the pointer which is being checked in gsm_cleanup_mux() before calling gsm_dlci_release(). Therefore, it is not necessary to clear this pointer in gsm_cleanup_mux() as done in the reverted commit. The commit introduces a null pointer dereference: <TASK> ? __die+0x1f/0x70 ? • https://git.kernel.org/stable/c/8fc0eabaa73bbd9bd705577071564616da5c8c61 https://git.kernel.org/stable/c/5138c228311a863c3cf937b94a3ab4c87f1f70c4 https://git.kernel.org/stable/c/9615ca54bc138e35353a001e8b5d4824dce72188 https://git.kernel.org/stable/c/9b9c8195f3f0d74a826077fc1c01b9ee74907239 https://git.kernel.org/stable/c/74a8d6f50cc90ed0061997db51dfa81a62b0f835 https://git.kernel.org/stable/c/6d5c8862932d31a810b6545f7d69ecc124402c6e https://git.kernel.org/stable/c/a48d2bcd23f2c98d575bc2f9b7a3fbd16aeea9eb https://git.kernel.org/stable/c/c61d0b87a7028c2c10faffc524d748334 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved Adding a reserved memory region for the framebuffer memory (the splash memory region set up by the bootloader). It fixes a kernel panic (arm-smmu: Unhandled context fault at this particular memory region) reported on DB845c running v5.10.y. • https://git.kernel.org/stable/c/dc1ab6577475b0460ba4261cd9caec37bd62ca0b https://git.kernel.org/stable/c/82dacd0ca0d9640723824026d6fdf773c02de1d2 https://git.kernel.org/stable/c/110e70fccce4f22b53986ae797d665ffb1950aa6 •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled. Allocating memory with the GFP_KERNEL flag may re-enable IRQs during the suspend callback, which can cause intermittent suspend/hibernation problems with the following kernel traces: Calling iommu_suspend+0x0/0x1d0 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 15 at kernel/time/timekeeping.c:868 ktime_get+0x9b/0xb0 ... CPU: 0 PID: 15 Comm: rcu_preempt Tainted: G U E 6.3-intel #r1 RIP: 0010:ktime_get+0x9b/0xb0 ... Call Trace: <IRQ> tick_sched_timer+0x22/0x90 ? __pfx_tick_sched_timer+0x10/0x10 __hrtimer_run_queues+0x111/0x2b0 hrtimer_interrupt+0xfa/0x230 __sysvec_apic_timer_interrupt+0x63/0x140 sysvec_apic_timer_interrupt+0x7b/0xa0 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1f/0x30 ... ------------[ cut here ]------------ Interrupts enabled after iommu_suspend+0x0/0x1d0 WARNING: CPU: 0 PID: 27420 at drivers/base/syscore.c:68 syscore_suspend+0x147/0x270 CPU: 0 PID: 27420 Comm: rtcwake Tainted: G U W E 6.3-intel #r1 RIP: 0010:syscore_suspend+0x147/0x270 ... Call Trace: <TASK> hibernation_snapshot+0x25b/0x670 hibernate+0xcd/0x390 state_store+0xcf/0xe0 kobj_attr_store+0x13/0x30 sysfs_kf_write+0x3f/0x50 kernfs_fop_write_iter+0x128/0x200 vfs_write+0x1fd/0x3c0 ksys_write+0x6f/0xf0 __x64_sys_write+0x1d/0x30 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Given that only 4 words memory is needed, avoid the memory allocation in iommu_suspend(). • https://git.kernel.org/stable/c/33e07157105e472b746b70b3ed4197c57c43ab68 https://git.kernel.org/stable/c/29298c85a81abdc512e87537515ed4b1a9601d0e https://git.kernel.org/stable/c/c12ef025add77ca3a0902e8719d552b6d47b4282 https://git.kernel.org/stable/c/496c591f0b389eb782f36d9d4c2564b9a865eed0 https://git.kernel.org/stable/c/59df44bfb0ca4c3ee1f1c3c5d0ee8e314844799e •