Page 56 of 2711 results (0.006 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem: fix return value if duplicate enqueue fails") Commands to trigger KASAN UaF: ip link add type dummy ip link set lo up ip link set dummy0 up tc qdisc add dev lo parent root handle 1: drr tc filter add dev lo parent 1: basic classid 1:1 tc class add dev lo classid 1:1 drr tc qdisc add dev lo parent 1:1 handle 2: netem tc qdisc add dev lo parent 2: handle 3: drr tc filter add dev lo parent 3: basic classid 3:1 action mirred egress redirect dev dummy0 tc class add dev lo classid 3:1 drr ping -c1 -W0.01 localhost # Trigger bug tc class del dev lo classid 1:1 tc class add dev lo classid 1:1 drr ping -c1 -W0.01 localhost # UaF • https://git.kernel.org/stable/c/50612537e9ab29693122fab20fc1eed235054ffe https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9 https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241 https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c2 •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned out that if data recovery was performed using partial logs created by dsync writes, but an error occurred before starting the log writer to create a recovered checkpoint, the inodes whose data had been recovered were left in the ns_dirty_files list of the nilfs object and were not freed. Fix this issue by cleaning up inodes that have read the recovery data if the recovery routine fails midway before the log writer starts. • https://git.kernel.org/stable/c/0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14 https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355 https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4 https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403 https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d9 •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtime for modifications/repairs, but they are also regularly swapped, replaced during resizing, and even abandoned when degrading to one side due to backing device issues. So, accessing them requires mutual exclusion using the reader/writer semaphore "nilfs->ns_sem". Some sysfs attribute show methods read this superblock buffer without the necessary mutual exclusion, which can cause problems with pointer dereferencing and memory access, so fix it. • https://git.kernel.org/stable/c/da7141fb78db915680616e15677539fc8140cf53 https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614 https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880 https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4 •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check UnboundedRequestEnabled's value CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled is a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus if (p->UnboundedRequestEnabled) checks its address, not bool value. This fixes 1 REVERSE_INULL issue reported by Coverity. • https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9 https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap. • https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966 https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7 https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1 https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1 https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294 https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90 https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84 •