Page 99 of 2882 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device(), and assigned to sp->remote.mouse_dev and sp->remote.keybd_dev respectively. In the err_free_devices error branch of ibmasm_init_one, mouse_dev and keybd_dev are freed by input_free_device(), and return error. Then the... • https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function. A device might be attached to root complex directly, in this case, bus->self(bridge) will be NULL, thus priv->parent_pdev is NULL. Since alcor_pci_init_check_aspm(priv->parent_pdev) checks the PCI link's ASPM capability and populate parent_cap_off, which will be used later by alcor_pci_aspm_ctrl() to dynami... • https://git.kernel.org/stable/c/d2639ffdcad463b358b6bef8645ff81715daffcb •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer to free_pages_exact(). Add a proper NULL check for avoiding possible Oops. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usx2y: No llamar a free_pages_exact() con dirección NULL A diferencia de otras funciones, no podemos pasar un puntero NULL a free_pages_exact(). Agregue una verificación NULL adec... • https://git.kernel.org/stable/c/88262229b778f4f7a896da828d966f94dcb35d19 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: fix NULL pointer dereference of charger When power on system with OTG cable, IDDIG's interrupt arises before the charger registration, it will cause a NULL pointer dereference, fix the issue by registering the power supply before requesting IDDIG/VBUS irq. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: común: usb-conn-gpio: corrige la desreferencia del puntero NULL del cargador. Cuando se... • https://git.kernel.org/stable/c/8e8d910e9a3a7fba86140aff4924c30955ab228b •

CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serial_cs: Fix a memory leak in error handling path In the probe function, if the final 'serial_config()' fails, 'info' is leaking. Add a resource handling path to free this memory. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: serial: 8250: serial_cs: corrige una pérdida de memoria en la ruta de manejo de errores. En la función de sonda, si el 'serial_config()' final falla, se está perdiendo 'in... • https://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c •

CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix resource leak in case of probe failure The driver doesn't clean up all the allocated resources properly when scsi_add_host(), megasas_start_aen() function fails during the PCI device probe. Clean up all those resources. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: megaraid_sas: corrige la fuga de recursos en caso de fallo de la sonda El controlador no limpia todos los recursos asignados co... • https://git.kernel.org/stable/c/0c6226601c3e191a44a57d8f9f814b7e5c308959 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix conn use after free during resets If we haven't done a unbind target call we can race where iscsi_conn_teardown wakes up the EH thread and then frees the conn while those threads are still accessing the conn ehwait. We can only do one TMF per session so this just moves the TMF fields from the conn to the session. We can then rely on the iscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session call to remove the ... • https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11 •

CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu... • https://git.kernel.org/stable/c/3761ae0d0e549f2acdaf11f49df4ed06d256b20f • CWE-911: Improper Update of Reference Count •

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling paths of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the function forgets to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by jumping to "out" label when those error scenarios occur. En el kernel de Linux, se resolvió la sigu... • https://git.kernel.org/stable/c/b11220803ad14a2a880cc06d8e01fe2548cc85b0 •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel ... • https://git.kernel.org/stable/c/63a3dc24bd053792f84cb4eef0168b1266202a02 • CWE-416: Use After Free •