Page 655 of 4415 results (0.010 seconds)

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: async_xor: increase src_offs when dropping destination page Now we support sharing one page if PAGE_SIZE is not equal stripe size. To support this, it needs to support calculating xor value with different offsets for each r5dev. One offset array is used to record those offsets. In RMW mode, parity page is used as a source page. It sets ASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5. So it needs to add src_list and src_offs at the same time. Now it only needs src_list. • https://git.kernel.org/stable/c/29bcff787a2593b2126cfaff612c0b4e560022e9 https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174 https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18 https://git.kernel.org/stable/c/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8 •

CVSS: -EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged: ================================================================================ UBSAN: array-index-out-of-bounds in /home/finger/wireless-drivers-next/drivers/net/wireless/realtek/rtw88/phy.c:1789:34 index 5 is out of range for type 'u8 [5]' CPU: 2 PID: 84 Comm: kworker/u16:3 Tainted: G O 5.12.0-rc5-00086-gd88bba47038e-dirty #651 Hardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014 Workqueue: phy0 ieee80211_scan_work [mac80211] Call Trace: dump_stack+0x64/0x7c ubsan_epilogue+0x5/0x40 __ubsan_handle_out_of_bounds.cold+0x43/0x48 rtw_get_tx_power_params+0x83a/drivers/net/wireless/realtek/rtw88/0xad0 [rtw_core] ? rtw_pci_read16+0x20/0x20 [rtw_pci] ? check_hw_ready+0x50/0x90 [rtw_core] rtw_phy_get_tx_power_index+0x4d/0xd0 [rtw_core] rtw_phy_set_tx_power_level+0xee/0x1b0 [rtw_core] rtw_set_channel+0xab/0x110 [rtw_core] rtw_ops_config+0x87/0xc0 [rtw_core] ieee80211_hw_config+0x9d/0x130 [mac80211] ieee80211_scan_state_set_channel+0x81/0x170 [mac80211] ieee80211_scan_work+0x19f/0x2a0 [mac80211] process_one_work+0x1dd/0x3a0 worker_thread+0x49/0x330 ? rescuer_thread+0x3a0/0x3a0 kthread+0x134/0x150 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x22/0x30 ================================================================================ The statement where an array is being overrun is shown in the following snippet: if (rate <= DESC_RATE11M) tx_power = pwr_idx_2g->cck_base[group]; else ====> tx_power = pwr_idx_2g->bw40_base[group]; The associated arrays are defined in main.h as follows: struct rtw_2g_txpwr_idx { u8 cck_base[6]; u8 bw40_base[5]; struct rtw_2g_1s_pwr_idx_diff ht_1s_diff; struct rtw_2g_ns_pwr_idx_diff ht_2s_diff; struct rtw_2g_ns_pwr_idx_diff ht_3s_diff; struct rtw_2g_ns_pwr_idx_diff ht_4s_diff; }; The problem arises because the value of group is 5 for channel 14. • https://git.kernel.org/stable/c/fa6dfe6bff246ddd5be3cfe81637f137acd6c294 https://git.kernel.org/stable/c/6b5aa0cf321c25f41e09a61c83ee4dc7ab9549cb https://git.kernel.org/stable/c/95fb153c6027924cda3422120169d1890737f3a0 https://git.kernel.org/stable/c/5f3dbced8eaa5c9ed7d6943f3fea99f235a6516a https://git.kernel.org/stable/c/9cd09722e18a08b6a3d68b8bccfac39ddc22434c https://git.kernel.org/stable/c/2ff25985ea9ccc6c9af2c77b0b49045adcc62e0e •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap could potentially inherit a non-zero value from stack garbage. If this happens, it will cause DMA mappings for MCU command frames to not be unmapped after completion En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mt76: corrige una posible fuga de mapeo DMA Con buf no inicializado en mt76_dma_tx_queue_skb_raw, su campo skip_unmap podría potencialmente heredar un valor distinto de cero de la basura de la pila. Si esto sucede, las asignaciones DMA para las tramas de comando MCU no se desasignarán una vez finalizadas. • https://git.kernel.org/stable/c/27d5c528a7ca08dcd44877fdd9fc08b76630bf77 https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08 https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(), the connector will be cleaned up with the other DRM objects in the call to drm_mode_config_cleanup(). However, since our drm_connector is devm-allocated, by the time drm_mode_config_cleanup() will be called, our connector will be long gone. Therefore, the connector must be cleaned up when the bridge is detached to avoid use-after-free conditions. v2: Cleanup connector only if it was created v3: Add FIXME v4: (Use connector->dev) directly in if() block En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: bridge/panel: Limpiar conector en bridge detach Si no llamamos a drm_connector_cleanup() manualmente en panel_bridge_detach(), el conector se limpiará con los demás objetos DRM en la llamada a drm_mode_config_cleanup(). Sin embargo, dado que nuestro drm_connector está asignado por devm, para cuando se llame a drm_mode_config_cleanup(), nuestro conector ya no existirá. Por lo tanto, el conector debe limpiarse cuando se retira el puente para evitar condiciones de uso después de su liberación. v2: Limpiar el conector solo si fue creado v3: Agregar FIXME v4: (Usar conector-&gt;dev) directamente en el bloque if() • https://git.kernel.org/stable/c/13dfc0540a575b47b2d640b093ac16e9e09474f6 https://git.kernel.org/stable/c/ce450934a00cf896e648fde08d0bd1426653d7a2 https://git.kernel.org/stable/c/18149b420c9bd93c443e8d1f48a063d71d9f6aa1 https://git.kernel.org/stable/c/98d7d76a74e48ec3ddf2e23950adff7edcab9327 https://git.kernel.org/stable/c/4d906839d321c2efbf3fed4bc31ffd9ff55b75c0 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs Use the kvm_for_each_vcpu() helper to iterate over vCPUs when encrypting VMSAs for SEV, which effectively switches to use online_vcpus instead of created_vcpus. This fixes a possible null-pointer dereference as created_vcpus does not guarantee a vCPU exists, since it is updated at the very beginning of KVM_CREATE_VCPU. created_vcpus exists to allow the bulk of vCPU creation to run in parallel, while still correctly restricting the max number of max vCPUs. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: KVM: SVM: use online_vcpus, no creado_vcpus, para iterar sobre vCPU. Use el asistente kvm_for_each_vcpu() para iterar sobre vCPU al cifrar VMSA para SEV, que efectivamente cambia para usar online_vcpus en lugar de creado_vcpus. • https://git.kernel.org/stable/c/ad73109ae7ec30d5bfb76be108e304f9f0af4829 https://git.kernel.org/stable/c/bd0cced2ae93195668f983d443f7f17e8efd24d2 https://git.kernel.org/stable/c/ba7bf5d6336aa9c0d977b161bfa420c56d46ee40 https://git.kernel.org/stable/c/c36b16d29f3af5f32fc1b2a3401bf48f71cabee1 •