Page 83 of 2541 results (0.007 seconds)

CVSS: -EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn30_set_output_transfer_func function. Previously, set_output_gamma was being checked for nullity at line 386, but then it was being dereferenced without any nullity check at line 401. This could potentially lead to a null pointer dereference error if set_output_gamma is indeed null. To fix this, we now ensure that set_output_gamma is not null before dereferencing it. We do this by adding a nullity check for set_output_gamma before the call to set_output_gamma at line 401. If set_output_gamma is null, we log an error message and do not call the function. This fix prevents a potential null pointer dereference error. drivers/gpu/drm/amd/amdgpu/.. • https://git.kernel.org/stable/c/d99f13878d6f9c286b13860d8bf0b4db9ffb189a https://git.kernel.org/stable/c/44948d3cb943602ba4a0b5ed3c91ae0525838fb1 https://git.kernel.org/stable/c/64886a4e6f1dce843c0889505cf0673b5211e16a https://git.kernel.org/stable/c/ddf9ff244d704e1903533f7be377615ed34b83e7 https://git.kernel.org/stable/c/84edd5a3f5fa6aafa4afcaf9f101f46426c620c9 https://git.kernel.org/stable/c/72ee32d0907364104fbcf4f68dd5ae63cd8eae9e https://git.kernel.org/stable/c/08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2 •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN() overflows which corrupts the selected area range during allocation. CONFIG_IOMMUFD_TEST can detect this: WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline] WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352 Modules linked in: CPU: 1 PID: 5092 Comm: syz-executor294 Not tainted 6.10.0-rc5-syzkaller-00294-g3ffea9a7a6f7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 RIP: 0010:iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline] RIP: 0010:iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352 Code: fc e9 a4 f3 ff ff e8 1a 8b 4c fc 41 be e4 ff ff ff e9 8a f3 ff ff e8 0a 8b 4c fc 90 0f 0b 90 e9 37 f5 ff ff e8 fc 8a 4c fc 90 <0f> 0b 90 e9 68 f3 ff ff 48 c7 c1 ec 82 ad 8f 80 e1 07 80 c1 03 38 RSP: 0018:ffffc90003ebf9e0 EFLAGS: 00010293 RAX: ffffffff85499fa4 RBX: 00000000ffffffef RCX: ffff888079b49e00 RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000 RBP: ffffc90003ebfc50 R08: ffffffff85499b30 R09: ffffffff85499942 R10: 0000000000000002 R11: ffff888079b49e00 R12: ffff8880228e0010 R13: 0000000000000000 R14: 1ffff920007d7f68 R15: ffffc90003ebfd00 FS: 000055557d760380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000005fdeb8 CR3: 000000007404a000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> iommufd_ioas_copy+0x610/0x7b0 drivers/iommu/iommufd/ioas.c:274 iommufd_fops_ioctl+0x4d9/0x5a0 drivers/iommu/iommufd/main.c:421 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Cap the automatic alignment to the huge page size, which is probably a better idea overall. Huge automatic alignments can fragment and chew up the available IOVA space without any reason. • https://git.kernel.org/stable/c/51fe6141f0f64ae0bbc096a41a07572273e8c0ef https://git.kernel.org/stable/c/cd6dd564ae7d99967ef50078216929418160b30e https://git.kernel.org/stable/c/a6e9f9fd14772c0b23c6d1d7002d98f9d27cb1f6 https://git.kernel.org/stable/c/72b78287ce92802e8ba678181a34b84ae844a112 https://git.kernel.org/stable/c/8f6887349b2f829a4121c518aeb064fc922714e4 •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. Otherwise if 'rtw_usb_intf_init()' has failed in 'rtw_usb_probe()', 'rtw_usb_disconnect()' may issue 'ieee80211_free_hw()' when one of 'rtw_load_firmware_cb()' (usually the wowlan one) is still in progress, causing UAF detected by KASAN. • https://git.kernel.org/stable/c/c8e5695eae9959fc5774c0f490f2450be8bad3de https://git.kernel.org/stable/c/a0c1e2da652cf70825739bc12d49ea15805690bf https://git.kernel.org/stable/c/ceaab3fb64d6a5426a3db8f87f3e5757964f2532 https://git.kernel.org/stable/c/7887ad11995a4142671cc49146db536f923c8568 https://git.kernel.org/stable/c/1b8178a2ae272256ea0dc4f940320a81003535e2 https://git.kernel.org/stable/c/9432185540bafd42b7bfac6e6ef2f0a0fb4be447 https://git.kernel.org/stable/c/e9a78d9417e167410d6fb83c4e908b077ad8ba6d https://git.kernel.org/stable/c/0e735a4c6137262bcefe45bb52fde7b1f •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmask is u16 so using hweight8 cannot get correct tx_ant. Without this patch, the tx_ant of band 2 would be -1 and lead to the following issue: BUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e] • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 https://git.kernel.org/stable/c/50d87e3b70980abc090676b6b4703fcbd96221f9 https://git.kernel.org/stable/c/8f51fc8a9e2fd96363d8ec3f4ee4b78dd64754e3 https://git.kernel.org/stable/c/33954930870c18ec549e4bca0eeff43e252cb740 https://git.kernel.org/stable/c/f98c3de92bb05dac4a4969df8a4595ed380b4604 •

CVSS: -EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() ieee80211_report_ack_skb() cfg80211_mgmt_tx_status_ext() nl80211_frame_tx_status() genlmsg_multicast_netns() genlmsg_multicast_netns_filtered() nlmsg_multicast_filtered() netlink_broadcast_filtered() do_one_broadcast() netlink_broadcast_deliver() __netlink_sendskb() netlink_deliver_tap() __netlink_deliver_tap_skb() dev_queue_xmit() __dev_queue_xmit() ; with IRQS disabled ... spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags) issues the warning (as reported by syzbot reproducer): WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120 Fix this by implementing a two-phase skb reclamation in 'ieee80211_do_stop()', where actual work is performed outside of a section with interrupts disabled. • https://git.kernel.org/stable/c/5061b0c2b9066de426fbc63f1278d2210e789412 https://git.kernel.org/stable/c/07eb0bd7b0a8abed9d45e0f567c9af1dc83e5268 https://git.kernel.org/stable/c/04f75f5bae33349283d6886901d9acd2f110c024 https://git.kernel.org/stable/c/f232916fab67ca1c3425926df4a866e59ff26908 https://git.kernel.org/stable/c/acb53a716e492a02479345157c43f21edc8bc64b https://git.kernel.org/stable/c/db5ca4b42ccfa42d2af7b335ff12578e57775c02 https://git.kernel.org/stable/c/058c9026ad79dc98572442fd4c7e9a36aba6f596 https://git.kernel.org/stable/c/eab272972cffff9cd973b8e4055a8e81c •