Page 86 of 3015 results (0.008 seconds)

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread This prevents malicious processes from completing random copen/cread requests and crashing the system. Added checks are listed below: * Generic, copen can only complete open requests, and cread can only complete read requests. * For copen, ondemand_id must not be 0, because this indicates that the request has not been read by the daemon. * For cread, the object corresponding to fd and req should be the same. • https://git.kernel.org/stable/c/3b744884c0431b5a62c92900e64bfd0ed61e8e2a https://git.kernel.org/stable/c/36d845ccd7bf527110a65fe953886a176c209539 https://git.kernel.org/stable/c/8aaa6c5dd2940ab934d6cd296175f43dbb32b34a https://git.kernel.org/stable/c/a26dc49df37e996876f50a0210039b2d211fdd6f •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read yet. Note that when the object is set to reopen, the open request will be done with the still reopen state in above case. As a result, the request corresponding to this object is always skipped in select_req function, so the read request is never completed and blocks other process. Fix this issue by simply set object to close if its id < 0 in copen. • https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663 https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333 https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60 https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0 •

CVSS: 5.2EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQF_SPECIAL_LOAD when the request is cleaned. A flaw was found in the Linux kernel, where the following issue has been resolved: nvme: avoid double free special payload. If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free occurs. Clear the RQF_SPECIAL_LOAD when the request is cleaned. • https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057 https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad https://access.redhat.com/security/cve/CVE-2024-41073 https://bugzilla.redhat.com/show_bug.cgi?id=2301637 • CWE-415: Double Free •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise. • https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79 https://git.kernel.org/stable/c/de5fcf757e33596eed32de170ce5a93fa44dd2ac https://git.kernel.org/stable/c/6295bad58f988eaafcf0e6f8b198a580398acb3b https://git.kernel.org/stable/c/a43cc0558530b6c065976b6b9246f512f8d3593b https://git.kernel.org/stable/c/001120ff0c9e3557dee9b5ee0d358e0fc189996f https://git.kernel.org/stable/c/fe9644efd86704afe50e56b64b609de340ab7c95 https://git.kernel.org/stable/c/35cee10ccaee5bd451a480521bbc25dc9f07fa5b https://git.kernel.org/stable/c/6ef09cdc5ba0f93826c09d810c141a8d1 •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Avoid address calculations via out of bounds array indexing req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810 An out-of-bounds buffer overflow has been found in the Linux kernel’s mac80211 subsystem when scanning for SSIDs. Address calculation using out-of-bounds array indexing could result in an attacker crafting an exploit, resulting in the complete compromise of a system. • https://git.kernel.org/stable/c/a2bb0c5d0086be5ab5054465dfaa381a1144905c https://git.kernel.org/stable/c/26b177ecdd311f20de4c379f0630858a675dfc0c https://git.kernel.org/stable/c/4f43a614b1b84f0d1e3c48cc541c3bfdf414a6d0 https://git.kernel.org/stable/c/2663d0462eb32ae7c9b035300ab6b1523886c718 https://access.redhat.com/security/cve/CVE-2024-41071 https://bugzilla.redhat.com/show_bug.cgi?id=2300448 • CWE-787: Out-of-bounds Write •