Page 671 of 4330 results (0.019 seconds)

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask() Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return. Addresses-Coverity: ("Read from pointer after free") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: Se corrige use-after-free en i40e_client_subtask() Actualmente la llamada a i40e_client_del_instance libera el objeto pf->cinst, sin embargo se accede a pf->cinst->lan_info después de gratis. Solucione este problema agregando la declaración que falta. Direcciones-Cobertura: ("Leer desde el puntero después de estar libre") • https://git.kernel.org/stable/c/7b0b1a6d0ac983ce1928432285d0222d4fb7c38b https://git.kernel.org/stable/c/c1322eaeb8af0d8985b5cc5fa759140fa0e57b84 https://git.kernel.org/stable/c/d718c15a2bf9ae082d5ae4d177fb19ef23cb4132 https://git.kernel.org/stable/c/829a713450b8fb127cbabfc1244c1d8179ec5107 https://git.kernel.org/stable/c/4ebc10aa7cd17fd9857dedac69600465c9dd16d1 https://git.kernel.org/stable/c/1fd5d262e7442192ac7611ff1597a36c5b044323 https://git.kernel.org/stable/c/38318f23a7ef86a8b1862e5e8078c4de121960c3 •

CVSS: -EPSS: 0%CPEs: 10EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via a debugfs file (entry_flush), which causes the kernel to patch itself to enable/disable the relevant mitigations. However depending on which mitigation we're using, it may not be safe to do that patching while other CPUs are active. For example the following crash: sleeper[15639]: segfault (11) at c000000000004c20 nip c000000000004c20 lr c000000000004c20 Shows that we returned to userspace with a corrupted LR that points into the kernel, due to executing the partially patched call to the fallback entry flush (ie. we missed the LR restore). Fix it by doing the patching under stop machine. The CPUs that aren't doing the patching will be spinning in the core of the stop machine logic. That is currently sufficient for our purposes, because none of the patching we do is to that code or anywhere in the vicinity. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/64s: soluciona fallas al alternar la barrera de descarga de entrada. • https://git.kernel.org/stable/c/4a1e90af718d1489ffcecc8f52486c4f5dc0f7a6 https://git.kernel.org/stable/c/fa4bf9f38184ed7ca4916eb64f8c767d1e279c1f https://git.kernel.org/stable/c/db01cad9efe3c3838a6b3a3f68affd295c4b92d6 https://git.kernel.org/stable/c/f69bb4e51f41973fb7594be1479fa689831efe1a https://git.kernel.org/stable/c/b65458b6be8032c5179d4f562038575d7b3a6be3 https://git.kernel.org/stable/c/f79643787e0a0762d2409b7b8334e83f22d85695 https://git.kernel.org/stable/c/e590b36718d6e740b7b19514f710402a6499164c https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa897236 •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevent corruption in shrinking truncate I believe there are some issues introduced by commit 31651c607151 ("hfsplus: avoid deadlock on file truncation") HFS+ has extent records which always contains 8 extents. In case the first extent record in catalog file gets full, new ones are allocated from extents overflow file. In case shrinking truncate happens to middle of an extent record which locates in extents overflow file, the logic in hfsplus_file_truncate() was changed so that call to hfs_brec_remove() is not guarded any more. Right action would be just freeing the extents that exceed the new size inside extent record by calling hfsplus_free_extents(), and then check if the whole extent record should be removed. However since the guard (blk_cnt > start) is now after the call to hfs_brec_remove(), this has unfortunate effect that the last matching extent record is removed unconditionally. To reproduce this issue, create a file which has at least 10 extents, and then perform shrinking truncate into middle of the last extent record, so that the number of remaining extents is not under or divisible by 8. This causes the last extent record (8 extents) to be removed totally instead of truncating into middle of it. Thus this causes corruption, and lost data. Fix for this is simply checking if the new truncated end is below the start of this extent record, making it safe to remove the full extent record. • https://git.kernel.org/stable/c/31651c607151f1034cfb57e5a78678bea54c362b https://git.kernel.org/stable/c/52dde855663e5db824af51db39b5757d2ef3e28a https://git.kernel.org/stable/c/c451a6bafb5f422197d31536f82116aed132b72c https://git.kernel.org/stable/c/adbd8a2a8cc05d9e501f93e5c95c59307874cc99 https://git.kernel.org/stable/c/c477f62db1a0c0ecaa60a29713006ceeeb04b685 https://git.kernel.org/stable/c/97314e45aa1223a42d60256a62c5d9af54baf446 https://git.kernel.org/stable/c/c3187cf32216313fb316084efac4dab3a8459b1d •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUG_ON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmem_mfill_atomic_pte(). We successfully account the blocks, we shmem_alloc_page(), but then the copy_from_user() fails. We return -ENOENT. We don't release the page we allocated. 2. • https://git.kernel.org/stable/c/cb658a453b9327ce96ce5222c24d162b5b65b564 https://git.kernel.org/stable/c/319116227e52d49eee671f0aa278bac89b3c1b69 https://git.kernel.org/stable/c/07c9b834c97d0fa3402fb7f3f3b32df370a6ff1f https://git.kernel.org/stable/c/b3f1731c6d7fbc1ebe3ed8eff6d6bec56d76ff43 https://git.kernel.org/stable/c/140cfd9980124aecb6c03ef2e69c72d0548744de https://git.kernel.org/stable/c/ad53127973034c63b5348715a1043d0e80ceb330 https://git.kernel.org/stable/c/2d59a0ed8b26b8f3638d8afc31f839e27759f1f6 https://git.kernel.org/stable/c/7ed9d238c7dbb1fdb63ad96a618498515 •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups There are a few exceptional cases where cloning an inline extent needs to copy the inline extent data into a page of the destination inode. When this happens, we end up starting a transaction while having a dirty page for the destination inode and while having the range locked in the destination's inode iotree too. Because when reserving metadata space for a transaction we may need to flush existing delalloc in case there is not enough free space, we have a mechanism in place to prevent a deadlock, which was introduced in commit 3d45f221ce627d ("btrfs: fix deadlock when cloning inline extent and low on free metadata space"). However when using qgroups, a transaction also reserves metadata qgroup space, which can also result in flushing delalloc in case there is not enough available space at the moment. When this happens we deadlock, since flushing delalloc requires locking the file range in the inode's iotree and the range was already locked at the very beginning of the clone operation, before attempting to start the transaction. When this issue happens, stack traces like the following are reported: [72747.556262] task:kworker/u81:9 state:D stack: 0 pid: 225 ppid: 2 flags:0x00004000 [72747.556268] Workqueue: writeback wb_workfn (flush-btrfs-1142) [72747.556271] Call Trace: [72747.556273] __schedule+0x296/0x760 [72747.556277] schedule+0x3c/0xa0 [72747.556279] io_schedule+0x12/0x40 [72747.556284] __lock_page+0x13c/0x280 [72747.556287] ? generic_file_readonly_mmap+0x70/0x70 [72747.556325] extent_write_cache_pages+0x22a/0x440 [btrfs] [72747.556331] ? __set_page_dirty_nobuffers+0xe7/0x160 [72747.556358] ? • https://git.kernel.org/stable/c/c53e9653605dbf708f5be02902de51831be4b009 https://git.kernel.org/stable/c/36af2de520cca7c37974cc4944b47850f6c460ee https://git.kernel.org/stable/c/d5347827d0b4b2250cbce6eccaa1c81dc78d8651 https://git.kernel.org/stable/c/96157707c0420e3d3edfe046f1cc797fee117ade https://git.kernel.org/stable/c/f9baa501b4fd6962257853d46ddffbc21f27e344 •