Page 97 of 951 results (0.006 seconds)

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data. • https://git.kernel.org/stable/c/6e65a09f927566f257322358d429b267548473eb https://git.kernel.org/stable/c/fa9e1c1b1f389a8e6d987ac6cb3e2ba04f8ec875 https://git.kernel.org/stable/c/2b4545f08cc68d2fc835f5c490b36e0264750030 https://git.kernel.org/stable/c/7ffaa200251871980af12e57649ad57c70bf0f43 •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock. That means that if we tried to set it later, then it would cause a deadlock. Drop the lock on the error path. That's what all the callers are expecting. • https://git.kernel.org/stable/c/759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03 https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the list, making it difficult to navigate to the next list entry. (cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a) • https://git.kernel.org/stable/c/0845233388f8a26d00acf9bf230cfd4f36aa4c30 https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48 https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo() bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab the bo lock when calling bo_meminfo(), ensuring we drop any spinlocks first. In the case of object_idr we now also need to hold a ref. v2 (MattB) - Also add xe_bo_assert_held() (cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7) • https://git.kernel.org/stable/c/0845233388f8a26d00acf9bf230cfd4f36aa4c30 https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee •

CVSS: -EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call is conditioned upon "hyperv_init_cpuhp > 0". This will never be true and so hv_cpu_die() won't be called on all CPUs. This means the VP assist page won't be reset. When the kexec kernel tries to setup the VP assist page again, the hypervisor corrupts the memory region of the old VP assist page causing a panic in case the kexec kernel is using that memory elsewhere. This was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec panic/hang issues"). Get rid of hyperv_init_cpuhp entirely since we are no longer using a dynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with cpuhp_remove_state(). • https://git.kernel.org/stable/c/9636be85cc5bdd8b7a7f6a53405cbcc52161c93c https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825 https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434 https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab •