21762 matches found
NFSD: fix race between nfsd registration and exports_proc
...
smb: client: fix potential UAF in cifs_stats_proc_write()
...
igc: avoid returning frame twice in XDP_REDIRECT
...
net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
...
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
...
rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
...
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
...
media: rkisp1: Fix IRQ disable race issue
...
nfs: pass explicit offset/count to trace events
...
ath11k: Fix frames flush failure caused by deadlock
...
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
...
LoongArch: Update cpu_sibling_map when disabling nonboot CPUs
...
drm/amdgpu: Add basic validation for RAS header
...
ocfs2: Avoid touching renamed directory if parent does not change
...
drm/amd: check num of link levels when update pcie param
...
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
...
HTACG tidy-html5 parser.c prvTidyParseNamespace assertion
...
mlxsw: spectrum: Guard against invalid local ports
...
ext4: avoid journaling sb update on error if journal is destroying
...
drm/amd/display: fix array index out of bound error in DCN32 DML
...
net/ncsi: Disable the ncsi work before freeing the associated structure
...
i40e: Do not allow untrusted VF to remove administratively set MAC
...
[ceph] parse_longname(): strrchr() expects NUL-terminated string
...
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
...
sched/rt: Fix race in push_rt_task
...
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
...
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
...
drm/amd/display: Disable DMCUB timeout for DCN35
...
wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
...
sysctl: Fix out of bounds access for empty sysctl registers
...
net: bridge: switchdev: Skip MDB replays of deferred events on offload
...
drm/amdgpu: change vm->task_info handling
...
HTACG tidy-html5 alloc.c defaultAlloc memory leak
...
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
...
genirq/irq_sim: Initialize work context pointers properly
...
mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
...
ax25: Remove broken autobind
...
lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
...
watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
...
lib/generic-radix-tree.c: Don't overflow in peek()
...
scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
...
ibmvnic: Use kernel helpers for hex dumps
...
ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
...
net/mlx5: Reload only IB representors upon lag disable/enable
...
jfs: Fix null-ptr-deref in jfs_ioc_trim
...
drm/amd/display: Deallocate DML memory if allocation fails
...
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
...
smb: client: fix potential UAF in smb2_is_network_name_deleted()
...
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
...
drm/amd/display: fix a UBSAN warning in DML2.1
...