Page 516 of 5543 results (0.033 seconds)

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc-v. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: efi/fdt: corrige el pánico cuando no se encuentra un fdt válido. setup_arch() invocaría efi_init()->efi_get_fdt_params(). • https://git.kernel.org/stable/c/b91540d52a08b65eb6a2b09132e1bd54fa82754c https://git.kernel.org/stable/c/5148066edbdc89c6fe5bc419c31a5c22e5f83bdb https://git.kernel.org/stable/c/8a7e8b4e5631a03ea2fee27957857a56612108ca https://git.kernel.org/stable/c/668a84c1bfb2b3fd5a10847825a854d63fac7baa •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix memory leak in amd_sfh_work Kmemleak tool detected a memory leak in the amd_sfh driver. ==================== unreferenced object 0xffff88810228ada0 (size 32): comm "insmod", pid 3968, jiffies 4295056001 (age 775.792s) hex dump (first 32 bytes): 00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s............. 22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "............... backtrace: [<000000007b4c8799>] kmem_cache_alloc_trace+0x163/0x4f0 [<0000000005326893>] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh] [<000000002a9e5ec4>] amdtp_hid_request+0x62/0x80 [amd_sfh] [<00000000b8a95807>] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub] [<00000000fda054ee>] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common] [<0000000021279ecf>] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d] [<00000000915760ce>] platform_probe+0x6a/0xd0 [<0000000060258a1f>] really_probe+0x192/0x620 [<00000000fa812f2d>] driver_probe_device+0x14a/0x1d0 [<000000005e79f7fd>] __device_attach_driver+0xbd/0x110 [<0000000070d15018>] bus_for_each_drv+0xfd/0x160 [<0000000013a3c312>] __device_attach+0x18b/0x220 [<000000008c7b4afc>] device_initial_probe+0x13/0x20 [<00000000e6e99665>] bus_probe_device+0xfe/0x120 [<00000000833fa90b>] device_add+0x6a6/0xe00 [<00000000fa901078>] platform_device_add+0x180/0x380 ==================== The fix is to freeing request_list entry once the processed entry is removed from the request_list. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: amd_sfh: Reparar pérdida de memoria en amd_sfh_work La herramienta Kmemleak detectó una pérdida de memoria en el controlador amd_sfh. ==================== objeto sin referencia 0xffff88810228ada0 (tamaño 32): comm "insmod", pid 3968, jiffies 4295056001 (edad 775,792 s) volcado hexadecimal (primeros 32 bytes) : 00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s................. 22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "................. retroceso: [&lt; 000000007b4c8799&gt;] kmem_cache_alloc_trace+0x163/0x4f0 [&lt;0000000005326893&gt;] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh] [&lt;000000002a9e5ec4&gt;] amdtp_hid_request+0x6 2/0x80 [amd_sfh] [&lt;00000000b8a95807&gt;] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub] [&lt;00000000fda054ee &gt;] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common] [&lt;0000000021279ecf&gt;] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d] [&lt;00000000915760ce&gt;] platform_probe+0x6a/0xd0 [ &lt;0000000060258a1f&gt;] very_probe+0x192/0x620 [&lt;00000000fa812f2d&gt;] driver_probe_device+ 0x14a/0x1d0 [&lt;000000005e79f7fd&gt;] __device_attach_driver+0xbd/0x110 [&lt;0000000070d15018&gt;] bus_for_each_drv+0xfd/0x160 [&lt;0000000013a3c312&gt;] __device_attach+0x1 8b/0x220 [&lt;000000008c7b4afc&gt;] dispositivo_sonda_inicial+0x13/0x20 [&lt;00000000e6e99665&gt;] bus_probe_dispositivo+ 0xfe/0x120 [&lt;00000000833fa90b&gt;] device_add+0x6a6/0xe00 [&lt;00000000fa901078&gt;] platform_device_add+0x180/0x380 ===================== La solución es liberar la entrada request_list una vez que la entrada procesada se elimina de request_list. • https://git.kernel.org/stable/c/4b2c53d93a4bc9d52cc0ec354629cfc9dc217f93 https://git.kernel.org/stable/c/29beadea66a226d744d5ffdcde6b984623053d24 https://git.kernel.org/stable/c/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sk_forward_memory corruption on retransmission MPTCP sk_forward_memory handling is a bit special, as such field is protected by the msk socket spin_lock, instead of the plain socket lock. Currently we have a code path updating such field without handling the relevant lock: __mptcp_retrans() -> __mptcp_clean_una_wakeup() Several helpers in __mptcp_clean_una_wakeup() will update sk_forward_alloc, possibly causing such field corruption, as reported by Matthieu. Address the issue providing and using a new variant of blamed function which explicitly acquires the msk spin lock. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: corrige la corrupción de sk_forward_memory en la retransmisión El manejo de MPTCP sk_forward_memory es un poco especial, ya que dicho campo está protegido por el socket msk spin_lock, en lugar del bloqueo de socket simple. Actualmente tenemos una ruta de código que actualiza dicho campo sin manejar el bloqueo relevante: __mptcp_retrans() -&gt; __mptcp_clean_una_wakeup() Varios ayudantes en __mptcp_clean_una_wakeup() actualizarán sk_forward_alloc, posiblemente causando dicha corrupción de campo, según lo informado por Matthieu. Solucione el problema proporcionando y utilizando una nueva variante de la función culpada que adquiere explícitamente el bloqueo de giro msk. • https://git.kernel.org/stable/c/64b9cea7a0afe579dd2682f1f1c04f2e4e72fd25 https://git.kernel.org/stable/c/96db8ffef07516a6d7414b6988f2a4298a839977 https://git.kernel.org/stable/c/b9c78b1a95966a7bd2ddae05b73eafc0cda4fba3 https://git.kernel.org/stable/c/b5941f066b4ca331db225a976dae1d6ca8cf0ae3 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and it still points to the TLS context, which is now deallocated. If a netdev goes up, while the connection is still active, and the data flow resumes after a number of TCP retransmissions, it will lead to a use-after-free of the TLS context. This commit addresses this bug by keeping the context alive until its normal destruction, and implements the necessary fallbacks, so that the connection can resume in software (non-offloaded) kTLS mode. On the TX side tls_sw_fallback is used to encrypt all packets. The RX side already has all the necessary fallbacks, because receiving non-decrypted packets is supported. The thing needed on the RX side is to block resync requests, which are normally produced after receiving non-decrypted packets. The necessary synchronization is implemented for a graceful teardown: first the fallbacks are deployed, then the driver resources are released (it used to be possible to have a tls_dev_resync after tls_dev_del). A new flag called TLS_RX_DEV_DEGRADED is added to indicate the fallback mode. • https://git.kernel.org/stable/c/e8f69799810c32dd40c6724d829eccc70baad07f https://git.kernel.org/stable/c/f1d4184f128dede82a59a841658ed40d4e6d3aa2 https://git.kernel.org/stable/c/0f1e6fe66977a864fe850522316f713d7b926fd9 https://git.kernel.org/stable/c/c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4 •

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead of the regular sgl pool and causing a crash (BUG() is called). Instead, assign the p2p_dev for the request only if it was allocated from p2p pool. This is the crash that was caused: [Sun May 30 19:13:53 2021] ------------[ cut here ]------------ [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! [Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI ... [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! ... [Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0 ... [Sun May 30 19:13:53 2021] Call Trace: [Sun May 30 19:13:53 2021] ------------[ cut here ]------------ [Sun May 30 19:13:53 2021] pci_free_p2pmem+0x2b/0x70 [Sun May 30 19:13:53 2021] pci_p2pmem_free_sgl+0x4f/0x80 [Sun May 30 19:13:53 2021] nvmet_req_free_sgls+0x1e/0x80 [nvmet] [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! [Sun May 30 19:13:53 2021] nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma] [Sun May 30 19:13:53 2021] nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nvmet: solución que libera p2pmem no asignado En caso de que se encuentre un dispositivo p2p pero el grupo p2p esté vacío, el objetivo nvme todavía está intentando liberar el sgl del grupo p2p en lugar del sgl normal. pool y provocando un bloqueo (se llama a BUG()). • https://git.kernel.org/stable/c/c6e3f13398123a008cd2ee28f93510b113a32791 https://git.kernel.org/stable/c/c440cd080761b18a52cac20f2a42e5da1e3995af https://git.kernel.org/stable/c/8a452d62e7cea3c8a2676a3b89a9118755a1a271 https://git.kernel.org/stable/c/bcd9a0797d73eeff659582f23277e7ab6e5f18f3 •