Page 530 of 4193 results (0.024 seconds)

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl refers to a deleted subvolume, we get the following abort: BTRFS: Transaction aborted (error -2) WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs] Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs] RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027 RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840 RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998 R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80 FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0 Call Trace: <TASK> ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? __warn+0x81/0x130 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? report_bug+0x171/0x1a0 ? • https://git.kernel.org/stable/c/2bdf872bcfe629a6202ffd6641615a8ed00e8464 https://git.kernel.org/stable/c/0877497dc97834728e1b528ddf1e1c484292c29c https://git.kernel.org/stable/c/6e6bca99e8d88d989a7cde4c064abea552d5219b https://git.kernel.org/stable/c/ec794a7528199e1be6d47bec03f4755aa75df256 https://git.kernel.org/stable/c/d8680b722f0ff6d7a01ddacc1844e0d52354d6ff https://git.kernel.org/stable/c/7081929ab2572920e94d70be3d332e5c9f97095a https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: NFC: nci: corrige la pérdida de memoria en nci_allocate_device nfcmrvl_disconnect no logra liberar el campo hci_dev en la estructura nci_dev. Solucione este problema liberando hci_dev en nci_free_device. ERROR: pérdida de memoria, objeto sin referencia 0xffff888111ea6800 (tamaño 1024): comunicación "kworker/1:0", pid 19, jiffies 4294942308 (edad 13.580 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............. ... seguimiento: [&lt;000000004bc25d43&gt;] kmalloc include/linux/slab.h:552 [en línea] [&lt;000000004bc25d43&gt;] kzalloc include/linux/slab.h:682 [en línea] [&lt;000000004bc25d43&gt;] nci_hci_allocate+0x21/ 0xd0 net/nfc/nci/hci.c:784 [&lt;00000000c59cff92&gt;] nci_allocate_device net/nfc/nci/core.c:1170 [en línea] [&lt;00000000c59cff92&gt;] nci_allocate_device+0x10b/0x160 net/nfc/nci/core. c:1132 [&lt;00000000006e0a8e&gt;] nfcmrvl_nci_register_dev+0x10a/0x1c0 controladores/nfc/nfcmrvl/main.c:153 [&lt;000000004da1b57e&gt;] nfcmrvl_probe+0x223/0x290 controladores/nfc/nfcmr vl/usb.c:345 [&lt;00000000d506aed9&gt;] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [&lt;00000000bc632c92&gt;] very_probe+0x159/0x4a0 drivers/base/dd.c:554 [&lt;00000000f5009125&gt;] driver_probe_device+0x84/0x100 drivers/base/dd .c:740 [&lt;000000000ce658ca&gt;] __device_attach_driver+0xee/0x110 controladores/base/dd.c:846 [&lt;000000007067d05f&gt;] bus_for_each_drv+0xb7/0x100 controladores/base/bus.c:431 [&lt;00000000f8e1337 2&gt;] __device_attach+0x122 /0x250 controladores/base/dd.c:914 [&lt;000000009cf68860&gt;] bus_probe_device+0xc6/0xe0 controladores/base/bus.c:491 [&lt;00000000359c965a&gt;] dispositivo_add+0x5be/0xc30 controladores/base/core.c:3109 [ &lt;00000000086e4bd3&gt;] usb_set_configuration+0x9d9/0xb90 controladores/usb/core/message.c:2164 [&lt;00000000ca036872&gt;] usb_generic_driver_probe+0x8c/0xc0 controladores/usb/core/generic.c:238 [&lt;00000000d40d3 6f6&gt;] dispositivo_probe_usb+0x5c/ 0x140 controladores/usb/core/driver.c:293 [&lt;00000000bc632c92&gt;] very_probe+0x159/0x4a0 controladores/base/dd.c:554 • https://git.kernel.org/stable/c/11f54f228643d0248ec00ce8c9fb8d872f87e7b8 https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1 https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8 https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74 https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7 https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745 https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4: corrige una desreferencia de puntero NULL en pnfs_mark_matching_lsegs_return(). Confirme los cambios de144ff4234f _pnfs_return_layout() para llamar a pnfs_mark_matching_lsegs_return() pasando NULL como argumento de estructura pnfs_layout_range. Desafortunadamente, pnfs_mark_matching_lsegs_return() no verifica si tenemos un valor aquí antes de eliminar la referencia a él, lo que provoca un error. • https://git.kernel.org/stable/c/80e34f4957ec3010c85f9bb0b568a8d46acdf535 https://git.kernel.org/stable/c/7b7b9774643220e53eef58c15bb29bd4182fe053 https://git.kernel.org/stable/c/9ffa7967f9379a0a1b924e9ffeda709d72237da7 https://git.kernel.org/stable/c/6be0e4b59314e4a836495f6ffdc5d2c5b079deeb https://git.kernel.org/stable/c/2fafe7d5047f98791afd9a1d90d2afb70debc590 https://git.kernel.org/stable/c/7e65ea887d0c0997f3053acd91a027af45e71c5b https://git.kernel.org/stable/c/96260bde1ea8ae31a5402fe506abbb8951d5a42c https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d986 • CWE-476: NULL Pointer Dereference •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified work queue to handle commands and changed 'current->nr_cpu_allowed' at smp_processor_id() call. The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper"). To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. • https://git.kernel.org/stable/c/1526d9f10c6184031e42afad0adbdde1213e8ad1 https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1 https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9 •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iommu/vt-d: corrige la fuga de sysfs en alloc_iommu() iommu_device_sysfs_add() se llama antes, por lo que debe limpiarse en caso de errores posteriores. • https://git.kernel.org/stable/c/39ab9555c24110671f8dc671311a26e5c985b592 https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8 https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996 https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29 https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2 https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304 •