
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data re-injection from stale subflow

When the MPTCP PM detects that a subflow is stale, the packet scheduler must re-inject all the mptcp-level unacked data. To avoid acquiring unneeded locks, it first tries to check if any unacked data is present at all in the RTX queue, but such check is currently broken, as it uses a TCP-specific helper on an MPTCP socket. Funnily enough, fuzzers and static checkers are happy, as the accessed memory still belongs to the mptcp_sock struct, and even from a functional perspective the recovery completed successfully, as the short-cut test always failed. A recent unrelated TCP change - commit d5fed5addb2b ("tcp: reorganize tcp_sock fast path variables") - exposed the issue, as the tcp field reorganization makes the mptcp code always skip the re-injection. Fix the issue by dropping the bogus call: we are on a slow path, the early optimization proved once again to be evil.

• https://git.kernel.org/stable/c/1e1d9d6f119c55c05e8ea78ed3e49046690abffd
• https://git.kernel.org/stable/c/6f95120f898b40d13fd441225ef511307853c9c2
• https://git.kernel.org/stable/c/6673d9f1c2cd984390550dbdf7d5ae07b20abbf8
• https://git.kernel.org/stable/c/b609c783c535493aa3fca22c7e40a120370b1ca5
• https://git.kernel.org/stable/c/624902eab7abcb8731b333ec73f206d38d839cd8
• https://git.kernel.org/stable/c/b6c620dc43ccb4e802894e54b651cf81495e9598
• https://access.redhat.com/security/cve/CVE-2024-26826
• https://bugzilla.redhat.com/show_bug.cgi?id=2275604
• CWE-20: Improper Input Validation

CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup

rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. However, the NCI device may be deallocated before that, which leads to an skb leak. As by design the rx_data_reassembly skb is bound to the NCI device and nothing prevents the device from being freed before the skb is processed in some way and cleaned, free it on the NCI device cleanup. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

• https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8
• https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81
• https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf
• https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d
• https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23
• https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895
• https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1
• https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228

CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - Remove bogus SGL free on zero-length error path

When a zero-length message is hashed by algif_hash, and an error is triggered, it tries to free an SG list that was never allocated in the first place. Fix this by not freeing the SG list on the zero-length error path.

• https://git.kernel.org/stable/c/b6d972f6898308fbe7e693bf8d44ebfdb1cd2dc4
• https://git.kernel.org/stable/c/9c82920359b7c1eddaf72069bcfe0ffddf088cd0
• https://git.kernel.org/stable/c/775f3c1882a493168e08fdb8cde0865c8f3a8a29
• https://git.kernel.org/stable/c/24c890dd712f6345e382256cae8c97abb0406b70

CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems

While refactoring the way the ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems such as HIP07 lose their GICv4 functionality, and some others may even fail to boot, unless they are configured to boot with DT. Move the enabling of quirks into its_probe_one(), making it common to all firmware implementations.

• https://git.kernel.org/stable/c/9585a495ac936049dba141e8f9d99159ca06d46a
• https://git.kernel.org/stable/c/91a80fff3eeed928b6fba21271f6a9719b22a5d8
• https://git.kernel.org/stable/c/4c60c611441f1f1e5de8e00e98ee5a4970778a00
• https://git.kernel.org/stable/c/8b02da04ad978827e5ccd675acf170198f747a7a

CVSS: - | EPSS: 0% | CPEs: 5 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts

When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting, otherwise they'll end up reusing the values from the parent mount.

• https://git.kernel.org/stable/c/9fd29a5bae6e8f94b410374099a6fddb253d2d5f
• https://git.kernel.org/stable/c/c8117ac42303f7ae99bbe53e4952f7d147cca1fb
• https://git.kernel.org/stable/c/60e3318e3e900ba1ddfead937012b3432dfccc92
• https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626
• https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb
• https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157