Page 69 of 4738 results (0.029 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in `cm_helper_translate_curve_to_degamma_hw_format` function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds the function returns false to indic... • https://git.kernel.org/stable/c/b3dfa878257a7e98830b3009ca5831a01d8f85fc •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check stream_status before it is used [WHAT & HOW] dc_state_get_stream_status can return null, and therefore null must be checked before stream_status is used. This fixes 1 NULL_RETURNS issue reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check stream_status before it is used [WHAT & HOW] dc_state_get_stream_status can return null, and therefore null must be checke... • https://git.kernel.org/stable/c/4914c8bfee1843fae046a12970b6f178e6642659 •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize get_bytes_per_element's default to 1 Variables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y & bytes_per_element_c are initialized by get_bytes_per_element() which should never return 0. This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize get_bytes_per_element'... • https://git.kernel.org/stable/c/8f0abb39c16e719129de10596b3ae3363fa178b4 •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths When the HBA is undergoing a reset or is handling an errata event, NULL ptr dereference crashes may occur in routines such as lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or lpfc_abort_handler(). Add NULL ptr checks before dereferencing hdwq pointers that may have been freed due to operations colliding with a reset or errata event handler. In the Linux k... • https://git.kernel.org/stable/c/5873aa7f814754085d418848b2089ef406a02dd0 •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Coverity. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-co... • https://git.kernel.org/stable/c/29f388945770bd0a6c82711436b2bc98b0dfac92 •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf() In ext4_find_extent(), path may be freed by error or be reallocated, so using a previously saved *ppath may have been freed and thus may trigger use-after-free, as follows: ext4_split_extent path = *ppath; ext4_split_extent_at(ppath) path = ext4_find_extent(ppath) ext4_split_extent_at(ppath) // ext4_find_extent fails to free path // but zeroout succeeds ext4_ext_show_leaf(inode, path) eh = ... • https://git.kernel.org/stable/c/b0cb4561fc4284d04e69c8a66c8504928ab2484e •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds". kasan report: [ 19.411889] ================================================================== [ 19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113 [ 19.417368] [ 19.418627] CPU: 16 PID: 113 ... • https://git.kernel.org/stable/c/017a634f9f38ae704d9d57817555773de700219e •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0 Read of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40 CPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724 Call Trace: kasan_report+0x93/0xc0 ext4_split_extent_at+0xba8/0xcc0 ext4_split_e... • https://git.kernel.org/stable/c/dfe5080939ea4686b3414b5d970a9b26733c57a4 •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF. Below is a sample trace with dummy values: ext4_ext_insert_extent path = *ppath = 2000 ext4_ext_create_new_leaf(ppath) ext4_find_extent(ppath) path = *ppath = 2000 if (depth > path[0].p_maxdepth) kfree(path = 2000); *ppath = path = ... • https://git.kernel.org/stable/c/10809df84a4d868db61af621bae3658494165279 •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been released, otherwise it may be released twice. An example of what triggers this is as follows: split2 map split1 |--------|-------|--------| ext4_ext_map_blocks ext4_ext_handle_unwritten_extents ext4_split_convert_extents // path->p_depth == 0 ext4_split_extent // 1. do split1 ext4_split_extent_at |ext4_ext_inser... • https://git.kernel.org/stable/c/ecb94f5fdf4b72547fca022421a9dca1672bddd4 •