Page 7 of 4502 results (0.012 seconds)

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. This discrepancy can lead to incorrect stack object detection and subsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled. Example of the warning: ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4 Hardware name: linux,dummy-virt (DT) pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __debug_object_init+0x330/0x364 lr : __debug_object_init+0x330/0x364 sp : ffff800082ea7b40 x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534 x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0 x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418 x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000 x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800 x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4 x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050 Call trace: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ------------[ cut here ]------------ En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/task_stack: corrección de object_is_on_stack() para punteros etiquetados de KASAN Cuando CONFIG_KASAN_SW_TAGS y CONFIG_KASAN_STACK están habilitados, la función object_is_on_stack() puede producir resultados incorrectos debido a la presencia de etiquetas en el puntero obj, mientras que el puntero de pila no tiene etiquetas. Esta discrepancia puede provocar una detección incorrecta de objetos de pila y, posteriormente, activar advertencias si CONFIG_DEBUG_OBJECTS también está habilitado. Ejemplo de la advertencia: ODEBUG: el objeto 3eff800082ea7bb0 NO está en la pila ffff800082ea0000, pero está anotado. ------------[ cortar aquí ]------------ ADVERTENCIA: CPU: 0 PID: 1 en lib/debugobjects.c:557 __debug_object_init+0x330/0x364 Módulos vinculados: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 No contaminado 6.12.0-rc5 #4 Nombre del hardware: linux,dummy-virt (DT) pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __debug_object_init+0x330/0x364 lr : __debug_object_init+0x330/0x364 sp : ffff800082ea7b40 x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534 x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0 x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418 x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 00000000000000000 x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9: 34d77febe173e800 x8: 34d77febe173e800 x7: 0000000000000001 x6: 00000000000000001 x5: feff800082ea74b8 x4: ffff800082870a90 x3: ffff80008018d3c4 x2: 0000000000000001 x1: ffff800082858810 x0: 0000000000000050 Seguimiento de llamadas: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 ---[ fin del seguimiento 000000000000000 ]--- ODEBUG: el objeto 3eff800082ea7bb0 NO está en la pila ffff800082ea0000, pero está anotado. ------------[ cortar aquí ]------------ • https://git.kernel.org/stable/c/fbfe23012cec509dfbe09852019c4e4bb84999d0 https://git.kernel.org/stable/c/fd7b4f9f46d46acbc7af3a439bb0d869efdc5c58 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, even for 4K pages, causing various issues: - Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 - Panic booting the kernel/rootfs from an SD card on StarFive JH7100 - "swiotlb buffer is full" and data corruption on StarFive JH7110 At this stage no fix have been found, so it's probably better to just revert the change. This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir "mmc: dw_mmc: Fix IDMAC operación con páginas mayores a 4K" el commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operación con páginas mayores a 4K") aumentó el max_req_size, incluso para páginas de 4K, causando varios problemas: - Arranque de pánico del kernel/rootfs desde una tarjeta SD en Rockchip RK3566 - Arranque de pánico del kernel/rootfs desde una tarjeta SD en StarFive JH7100 - "El búfer swiotlb está lleno" y corrupción de datos en StarFive JH7110 En esta etapa no se ha encontrado ninguna solución, por lo que probablemente sea mejor simplemente revertir el cambio. Esto revierte el commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890. • https://git.kernel.org/stable/c/32bd402f6760d57127d58a9888553b2db574bba6 https://git.kernel.org/stable/c/b9ee16a20d9976686185d7e59cd006c328b6a1e0 https://git.kernel.org/stable/c/2793f423893579b35dc1fc24dd7c1ce58fa0345a https://git.kernel.org/stable/c/9d715a234dd8f01af970b78ae2144a2fd3ead21c https://git.kernel.org/stable/c/373f8f5b087f010dddae3306a79c6fdd5c2f8953 https://git.kernel.org/stable/c/5b4bf3948875064a9adcda4b52b59e0520a8c576 https://git.kernel.org/stable/c/8396c793ffdf28bb8aee7cfe0891080f8cab7890 https://git.kernel.org/stable/c/5b1ef10f7d49f3320b0faa894204259e5 •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the strings on the heap through devm_kasprintf(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vdpa: solidrun: Fix UB bug with devres En psnet_open_pf_bar() y snet_open_vf_bar(), una cadena que luego se pasa a pcim_iomap_regions() se coloca en la pila. Ni pcim_iomap_regions() ni las funciones que llama copian esa cadena. Si la cadena se utiliza más tarde, esto, en consecuencia, provoca un comportamiento indefinido ya que el marco de la pila habrá desaparecido para entonces. • https://git.kernel.org/stable/c/51a8f9d7f587290944d6fc733d1f897091c63159 https://git.kernel.org/stable/c/d372dd09cfbf1324f54cbffd81fcaf6cdf3e608e https://git.kernel.org/stable/c/5bb287da2d2d5bb8f7376e223b02edb16998982e https://git.kernel.org/stable/c/0b364cf53b20204e92bac7c6ebd1ee7d3ec62931 •

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: - r0 is marked as not a subreg at (0); - w1 is marked as subreg at (2); - w1 subreg_def is overridden at (3) by copy_register_state(); - w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; - because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); - this random value is read at (5). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: sync_linked_regs() debe preservar subreg_def La propagación del rango no debe afectar a las marcas subreg_def, de lo contrario el siguiente ejemplo es reescrito incorrectamente por el verificador cuando el indicador BPF_F_TEST_RND_HI32 está establecido: 0: llamar a bpf_ktime_get_ns llamar a bpf_ktime_get_ns 1: r0 &amp;= 0x7fffffff después del verificador r0 &amp;= 0x7fffffff 2: w1 = w0 reescribe w1 = w0 3: si w0 &lt; 10 goto +0 --------------&gt; r11 = 0x2f5674a6 (r) 4: r1 &gt;&gt;= 32 r11 &lt;&lt;= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: salir; si w0 &lt; 0xa goto pc+0 r1 &gt;&gt;= 32 r0 = r1 salir (o falta la extensión cero de w1 en (2) para arquitecturas que requieren extensión cero para la mitad superior del registro). Lo siguiente ocurre sin este parche: - r0 está marcado como no un subreg en (0); - w1 está marcado como subreg en (2); - el subreg_def de w1 es anulado en (3) por copy_register_state(); - w1 se lee en (5) pero mark_insn_zext() no marca (2) para extensión cero, porque el subreg_def de w1 no está configurado; - debido al indicador BPF_F_TEST_RND_HI32, el verificador inserta un valor aleatorio para los bits hi32 de (2) (marcado (r)); - este valor aleatorio se lee en (5). • https://git.kernel.org/stable/c/75748837b7e56919679e02163f45d5818c644d03 https://git.kernel.org/stable/c/dadf82c1b2608727bcc306843b540cd7414055a7 https://git.kernel.org/stable/c/b57ac2d92c1f565743f6890a5b9cf317ed856b09 https://git.kernel.org/stable/c/60fd3538d2a8fd44c41d25088c0ece3e1fd30659 https://git.kernel.org/stable/c/bfe9446ea1d95f6cb7848da19dfd58d2eec6fd84 https://git.kernel.org/stable/c/e2ef0f317a52e678fe8fa84b94d6a15b466d6ff0 https://git.kernel.org/stable/c/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00 RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007 RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00 RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007 R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00 R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn+0x88/0x130 ? inet_sock_destruct+0x1c5/0x1e0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x53/0x90 ? • https://git.kernel.org/stable/c/e994b2f0fb9229aeff5eea9541320bd7b2ca8714 https://git.kernel.org/stable/c/d285eb9d0641c8344f2836081b4ccb7b3c5cc1b6 https://git.kernel.org/stable/c/073d89808c065ac4c672c0a613a71b27a80691cb •