Page 7 of 3526 results (0.001 seconds)

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest's) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM: If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the "load IA32_RTIT_CTL" VM-entry control must be 0. On the host side, KVM doesn't validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: VMX: oculta la virtualización de Intel PT (modo invitado/host) detrás de CONFIG_BROKEN Oculta el parámetro del módulo pt_mode de KVM detrás de CONFIG_BROKEN, es decir, deshabilita la compatibilidad con la virtualización de Intel PT a través del modo invitado/host a menos que BROKEN=y. • https://git.kernel.org/stable/c/f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 https://git.kernel.org/stable/c/c3742319d021f5aa3a0a8c828485fee14753f6de https://git.kernel.org/stable/c/d4b42f926adcce4e5ec193c714afd9d37bba8e5b https://git.kernel.org/stable/c/b8a1d572478b6f239061ee9578b2451bf2f021c2 https://git.kernel.org/stable/c/e6716f4230a8784957273ddd27326264b27b9313 https://git.kernel.org/stable/c/d28b059ee4779b5102c5da6e929762520510e406 https://git.kernel.org/stable/c/b91bb0ce5cd7005b376eac690ec664c1b56372ec https://git.kernel.org/stable/c/aa0d42cacf093a6fcca872edc954f6f81 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the look never finish and cause kernel panic. Also disable runtime to address "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!" En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pmdomain: imx93-blk-ctrl: ruta de eliminación correcta La condición de comprobación debe ser 'i &lt; bc-&gt;onecell_data.num_domains', no 'bc-&gt;onecell_data.num_domains', que hará que la búsqueda nunca finalice y provoque un pánico del kernel. También deshabilite el tiempo de ejecución para solucionar "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!" • https://git.kernel.org/stable/c/e9aa77d413c903ba4cf7da3fe0b419cae5b97a81 https://git.kernel.org/stable/c/8fc228ab5d38a026eae7183a5f74a4fac43d9b6a https://git.kernel.org/stable/c/201fb9e164a1e4c5937de2cf58bcb0327c08664f https://git.kernel.org/stable/c/f7c7c5aa556378a2c8da72c1f7f238b6648f95fb •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state's dml contexts would no longer be valid. Then subsequent calls dc_state_copy_internal would shallow copy invalid memory and if the new state was released, a double free would occur. [How] Reset dml pointers in new_state to NULL and avoid invalid pointer (cherry picked from commit bcafdc61529a48f6f06355d78eb41b3aeda5296c) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Controlar el error de asignación de dml para evitar un bloqueo [Por qué] En el caso de que una asignación de dml falle por cualquier motivo, los contextos dml del estado actual ya no serían válidos. Luego, las llamadas posteriores a dc_state_copy_internal realizarían una copia superficial de la memoria no válida y, si se liberara el nuevo estado, se produciría una doble liberación. [Cómo] Restablecer los punteros dml en new_state a NULL y evitar un puntero no válido (seleccionado de el commit bcafdc61529a48f6f06355d78eb41b3aeda5296c) • https://git.kernel.org/stable/c/874ff59cde8fc525112dda26b501a1bac17dde9f https://git.kernel.org/stable/c/6825cb07b79ffeb1d90ffaa7a1227462cdca34ae •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection ... <4> [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] <4> [953.587208] guc_exec_queue_add_msg+0x28/0x130 [xe] <4> [953.587319] guc_exec_queue_fini+0x3a/0x40 [xe] <4> [953.587425] xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> [953.587515] xe_oa_release+0x9c/0xc0 [xe] (cherry picked from commit b107c63d2953907908fd0cafb0e543b3c3167b75) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/oa: Se corrige la advertencia "Falta protección de PM en tiempo de ejecución externo" Se corrige el siguiente drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Falta protección de PM en tiempo de ejecución externo... &lt;4&gt; [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] &lt;4&gt; [953.587208] guc_exec_queue_add_msg+0x28/0x130 [xe] &lt;4&gt; [953.587319] guc_exec_queue_fini+0x3a/0x40 [xe] &lt;4&gt; [953.587425] xe_exec_queue_destroy+0xb3/0xf0 [xe] &lt;4&gt; [953.587515] xe_oa_release+0x9c/0xc0 [xe] (seleccionado de el commit b107c63d2953907908fd0cafb0e543b3c3167b75) • https://git.kernel.org/stable/c/e936f885f1e96f59d9d05fb6cb5a02b9b9b88a05 https://git.kernel.org/stable/c/ed7cd3510d8da6e3578d9125a9ea4440f8adeeaa https://git.kernel.org/stable/c/c0403e4ceecaefbeaf78263dffcd3e3f06a19f6b •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller. Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Serie de parches "nilfs2: fix null-ptr-deref bugs on block tracepoints". Esta serie corrige errores de desreferencia de puntero nulo que ocurren al usar nilfs2 y dos puntos de seguimiento relacionados con bloques. Este parche (de 2): Se ha informado que al usar el punto de seguimiento "block:block_touch_buffer", touch_buffer() llamado desde __nilfs_get_folio_block() causa una desreferencia de puntero NULL o un error de protección general cuando KASAN está habilitado. • https://git.kernel.org/stable/c/5305cb830834549b9203ad4d009ad5483c5e293f https://git.kernel.org/stable/c/085556bf8c70e2629e02e79268dac3016a08b8bf https://git.kernel.org/stable/c/6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9 https://git.kernel.org/stable/c/b017697a517f8779ada4e8ce1c2c75dbf60a2636 https://git.kernel.org/stable/c/19c71cdd77973f99a9adc3190130bc3aa7ae5423 https://git.kernel.org/stable/c/3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9 https://git.kernel.org/stable/c/59b49ca67cca7b007a5afd3de0283c8008157665 https://git.kernel.org/stable/c/77e47f89d32c2d72eb33d0becbce7abe1 •