Page 90 of 17413 results (0.139 seconds)

CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 This issue can be reproduce by singe command: $ cat /sys... • https://git.kernel.org/stable/c/b36e8257641a043764c62240316610c81e36376c •

CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trace: afe4403_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4403_channel_leds+0x18/0xffffffffffffe9e0 This issue can be reproduced by singe command: $ cat /sys/bus/sp... • https://git.kernel.org/stable/c/b36e8257641a043764c62240316610c81e36376c •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries will overflow u32 when mapping producer page and data pages. ... In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries will overflow u32 when mapping producer page and data pages. • https://git.kernel.org/stable/c/bf99c936f9478a05d51e9f101f90de70bee9a89c •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. In the Linux kernel, the following vulnerability has been resolve... • https://git.kernel.org/stable/c/57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. ... Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won... • https://git.kernel.org/stable/c/40a13e2493c9882cb4d09054d81a5063cd1589a2 • CWE-459: Incomplete Cleanup •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver() failed. ... Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver() failed. • https://git.kernel.org/stable/c/2803b16c10ea7eec170c485388f5f26ae30e92fe •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb. In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() wi... • https://git.kernel.org/stable/c/5e5d49422dfb035ca9e280cd61d434095c151272 •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting te... • https://git.kernel.org/stable/c/10caabdaad5ace85577a453da97d1f8d3b944427 •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak. In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pc... • https://git.kernel.org/stable/c/cab7ffc0324f053c8fb56c821cdd63dc0383270d •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. ... In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. • https://git.kernel.org/stable/c/0b8fb8235be8be99a197e8d948fc0a2df8dc261a •