Page 77 of 3521 results (0.025 seconds)

CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: null_blk: fix validation of block size Block size should be between 512 and PAGE_SIZE and be a power of 2. The current check does not validate this, so update the check. Without this patch, null_blk would Oops due to a null pointer deref when loaded with bs=1536 [1]. [axboe: remove unnecessary braces and != 0 check] In the Linux kernel, the following vulnerability has been resolved: null_blk: fix validation of block size Block size should b... • https://git.kernel.org/stable/c/9625afe1dd4a158a14bb50f81af9e2dac634c0b1 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr. A vulnerability was found in the nfs4_set_security_label() in the Linux kernel, where the function fails to free the nfs_fattr attribute before exiting, leaving said memory allocation present. As the nfs4_set_security_label() is called repeatedly over time, this may lead to memory exhaustion. Chenyuan Yang discovered that t... • https://git.kernel.org/stable/c/899604a7c958771840941caff9ee3dd8193d984c • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQF_SPECIAL_LOAD when the request is cleaned. In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a d... • https://git.kernel.org/stable/c/882574942a9be8b9d70d13462ddacc80c4b385ba • CWE-415: Double Free •

CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of c... • https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79 •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup(), to allocate memory as needed. In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer ... • https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2 •

CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclp_init() cleanup on failure If sclp_init() fails it only partially cleans up: if there are multiple failing calls to sclp_init() sclp_state_change_event will be added several times to sclp_reg_list, which results in the following warning: ------------[ cut here ]------------ list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10. WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_vali... • https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT() inside scrub_read_endio(): ASSERT(sector_nr < stripe->nr_sectors); Before that, we would have tree dump from btrfs_get_raid_extent_offset(), as we failed to find the RST entry for the range. [CAUSE] Inside scrub_submit_extent_sector_read() every time we allocated a new bbio we immediately called btrfs_m... • https://git.kernel.org/stable/c/17d1fd302a53d7e456a7412da74be74a0cf63a72 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Where variable data looks like this: free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3] consumer_index^ tx_buff == [skb=null, skb=, skb=, skb=null, skb=null] The driver has checks... • https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as shown below. kernel BUG at mm/usercopy.c:102! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc scsi_trans... • https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_workqueue() needs to flush. We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are queued into hdev->workqueue and hdev->{power_on,err... • https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9 • CWE-833: Deadlock •