Page 72 of 2914 results (0.009 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races. • https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81 https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5 https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29 https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747 https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size. • https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the MTRR capability MSR. So far all x86 CPUs which support MTRR have this separate bit set, so it went unnoticed that mtrr_save_state() does not check the capability bit before accessing the fixed MTRR MSRs. Though on a CPU that does not support the fixed MTRR capability this results in a #GP. The #GP itself is harmless because the RDMSR fault is handled gracefully, but results in a WARN_ON(). Add the missing capability check to prevent this. • https://git.kernel.org/stable/c/2b1f6278d77c1f2f669346fc2bb48012b5e9495a https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9 https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051 https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16 https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7 https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462 https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d5 •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1

In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). • https://github.com/Abdurahmon3236/CVE-2024-44947 https://git.kernel.org/stable/c/a1d75f258230b75d46aecdf28b2e732413028863 https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6 https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9 https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4 https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6 https:&#x • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCP_QUEUE_SEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ _after_ restoring data in the receive queue. mprotect(0x4aa000, 12288, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 3 setsockopt(3, SOL_TCP, TCP_REPAIR, [1], 4) = 0 connect(3, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = 0 setsockopt(3, SOL_TCP, TCP_REPAIR_QUEUE, [1], 4) = 0 sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="0x0000000000000003\0\0", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20 setsockopt(3, SOL_TCP, TCP_REPAIR, [0], 4) = 0 setsockopt(3, SOL_TCP, TCP_QUEUE_SEQ, [128], 4) = 0 recvfrom(3, NULL, 20, 0, NULL, NULL) = -1 ECONNRESET (Connection reset by peer) syslog shows: [ 111.205099] TCP recvmsg seq # bug 2: copied 80, seq 0, rcvnxt 80, fl 0 [ 111.207894] WARNING: CPU: 1 PID: 356 at net/ipv4/tcp.c:2343 tcp_recvmsg_locked+0x90e/0x29a0 This should not be allowed. TCP_QUEUE_SEQ should only be used when queues are empty. This patch fixes this case, and the tx path as well. • https://git.kernel.org/stable/c/ee9952831cfd0bbe834f4a26489d7dce74582e37 https://git.kernel.org/stable/c/319f460237fc2965a80aa9a055044e1da7b3692a https://git.kernel.org/stable/c/3bf899438c123c444f6b644a57784dfbb6b15ad6 https://git.kernel.org/stable/c/046f3c1c2ff450fb7ae53650e9a95e0074a61f3e https://git.kernel.org/stable/c/3b72d5a703842f582502d97906f17d6ee122dac2 https://git.kernel.org/stable/c/8811f4a9836e31c14ecdf79d9f3cb7c5d463265d https://access.redhat.com/security/cve/CVE-2021-4442 https://bugzilla.redhat.com/show_bug.cgi?id=2308455 • CWE-20: Improper Input Validation •