Page 98 of 2914 results (0.005 seconds)

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Check pat.ops before dumping PAT settings We may leave pat.ops unset when running on brand new platform or when running as a VF. While the former is unlikely, the latter is valid (future) use case and will cause NPD when someone will try to dump PAT settings by debugfs. It's better to check pointer to pat.ops instead of specific .dump hook, as we have this hook always defined for every .ops variant. • https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc •

CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock. This patch resolves the issue by releasing pinctrl_maps_mutex before calling pinctrl_free(), preventing the deadlock. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. A deadlock flaw was found in the Linux kernel’s pinctrl subsystem. This flaw allows a local user to crash the system. • https://git.kernel.org/stable/c/42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 https://git.kernel.org/stable/c/e65a0dc2e85efb28e182aca50218e8a056d0ce04 https://git.kernel.org/stable/c/420ce1261907e5dbeda1e4daffd5b6c76f8188c0 https://git.kernel.org/stable/c/b813e3fd102a959c5b208ed68afe27e0137a561b https://git.kernel.org/stable/c/01fe2f885f7813f8aed5d3704b384a97b1116a9e https://git.kernel.org/stable/c/b36efd2e3e22a329444b6b24fa48df6d20ae66e6 https://git.kernel.org/stable/c/4038c57bf61631219b31f1bd6e92106ec7f084dc https://git.kernel.org/stable/c/48a7a7c9571c3e62f17012dd7f2063e92 • CWE-833: Deadlock •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO controller needs to sleep. As the caller can sleep, use gpiod_set_value_cansleep() to fix the issue. • https://git.kernel.org/stable/c/b71348be1236398be2d04c5e145fd6eaae86a91b https://git.kernel.org/stable/c/98686ec1824728ff41d7b358131f7d0227c2ba2a https://git.kernel.org/stable/c/cae52f61fda0f5d2949dc177f984c9e187d4c6a0 https://git.kernel.org/stable/c/489f38de3375ab84b3d269d0a1d64d6ee95d7044 https://git.kernel.org/stable/c/5f41401219fbe7663b3cf65ebd4ed95ebbb8ffb9 https://git.kernel.org/stable/c/1618f7a875ffd916596392fd29880c0429b8af60 https://git.kernel.org/stable/c/e646402bf82145349fcf5dcbe395afaf02a8ce47 https://git.kernel.org/stable/c/ee7860cd8b5763017f8dc785c2851fecb •

CVSS: 5.7EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake. An unexpected file truncate flaw was found when opening files with specific parameters in the Linux kernel's file-system. This vulnerability allows a local user to corrupt specific files when having access to these files. • https://git.kernel.org/stable/c/3f6d078d4accfff8b114f968259a060bfdc7c682 https://git.kernel.org/stable/c/c329760749b5419769e57cb2be80955d2805f9c9 https://git.kernel.org/stable/c/f531d4bc6c5588d713359e42ed65e46816d841d8 https://git.kernel.org/stable/c/84bf6b64a1a0dfc6de7e1b1c776d58d608e7865a https://git.kernel.org/stable/c/dbb226d81cd02cee140139c2369791e6f61f2007 https://git.kernel.org/stable/c/5ae6af68410bdad6181ec82104bb9985a7a6a0fa https://git.kernel.org/stable/c/836359247b0403e0634bfbc83e5bb8063fad287a https://git.kernel.org/stable/c/930a4c369f74da26816eaaa71b5888d29 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_devcoredump: Check NULL before assignments Assign 'xe_devcoredump_snapshot *' and 'xe_device *' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code.(Ashutosh/Jose) v4 - Drop return check for coredump_to_xe. (Jose/Rodrigo) v5 - Modify misleading commit message. (Matt) • https://git.kernel.org/stable/c/76ec0e33707282d5321555698d902f4e067aff37 https://git.kernel.org/stable/c/b15e65349553b1689d15fbdebea874ca5ae2274a •