Vulnerabilities

The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious commands through `QueryPlan.dataframe_calc]`) compromising the host system. Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods on the CPU side.​ The intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured.

In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()<br /> <br /> Normally do_lock_mount(path, _) is locking a mountpoint pinned by<br /> *path and at the time when matching unlock_mount() unlocks that<br /> location it is still pinned by the same thing.<br /> <br /> Unfortunately, for &amp;#39;beneath&amp;#39; case it&amp;#39;s no longer that simple -<br /> the object being locked is not the one *path points to. It&amp;#39;s the<br /> mountpoint of path-&gt;mnt. The thing is, without sufficient locking<br /> -&gt;mnt_parent may change under us and none of the locks are held<br /> at that point. The rules are<br /> * mount_lock stabilizes m-&gt;mnt_parent for any mount m.<br /> * namespace_sem stabilizes m-&gt;mnt_parent, provided that<br /> m is mounted.<br /> * if either of the above holds and refcount of m is positive,<br /> we are guaranteed the same for refcount of m-&gt;mnt_parent.<br /> <br /> namespace_sem nests inside inode_lock(), so do_lock_mount() has<br /> to take inode_lock() before grabbing namespace_sem. It does<br /> recheck that path-&gt;mnt is still mounted in the same place after<br /> getting namespace_sem, and it does take care to pin the dentry.<br /> It is needed, since otherwise we might end up with racing mount --move<br /> (or umount) happening while we were getting locks; in that case<br /> dentry would no longer be a mountpoint and could&amp;#39;ve been evicted<br /> on memory pressure along with its inode - not something you want<br /> when grabbing lock on that inode.<br /> <br /> However, pinning a dentry is not enough - the matching mount is<br /> also pinned only by the fact that path-&gt;mnt is mounted on top it<br /> and at that point we are not holding any locks whatsoever, so<br /> the same kind of races could end up with all references to<br /> that mount gone just as we are about to enter inode_lock().<br /> If that happens, we are left with filesystem being shut down while<br /> we are holding a dentry reference on it; results are not pretty.<br /> <br /> What we need to do is grab both dentry and mount at the same time;<br /> that makes inode_lock() safe *and* avoids the problem with fs getting<br /> shut down under us. After taking namespace_sem we verify that<br /> path-&gt;mnt is still mounted (which stabilizes its -&gt;mnt_parent) and<br /> check that it&amp;#39;s still mounted at the same place. From that point<br /> on to the matching namespace_unlock() we are guaranteed that<br /> mount/dentry pair we&amp;#39;d grabbed are also pinned by being the mountpoint<br /> of path-&gt;mnt, so we can quietly drop both the dentry reference (as<br /> the current code does) and mnt one - it&amp;#39;s OK to do under namespace_sem,<br /> since we are not dropping the final refs.<br /> <br /> That solves the problem on do_lock_mount() side; unlock_mount()<br /> also has one, since dentry is guaranteed to stay pinned only until<br /> the namespace_unlock(). That&amp;#39;s easy to fix - just have inode_unlock()<br /> done earlier, while it&amp;#39;s still pinned by mp-&gt;m_dentry.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> pds_core: Prevent possible adminq overflow/stuck condition<br /> <br /> The pds_core&amp;#39;s adminq is protected by the adminq_lock, which prevents<br /> more than 1 command to be posted onto it at any one time. This makes it<br /> so the client drivers cannot simultaneously post adminq commands.<br /> However, the completions happen in a different context, which means<br /> multiple adminq commands can be posted sequentially and all waiting<br /> on completion.<br /> <br /> On the FW side, the backing adminq request queue is only 16 entries<br /> long and the retry mechanism and/or overflow/stuck prevention is<br /> lacking. This can cause the adminq to get stuck, so commands are no<br /> longer processed and completions are no longer sent by the FW.<br /> <br /> As an initial fix, prevent more than 16 outstanding adminq commands so<br /> there&amp;#39;s no way to cause the adminq from getting stuck. This works<br /> because the backing adminq request queue will never have more than 16<br /> pending adminq commands, so it will never overflow. This is done by<br /> reducing the adminq depth to 16.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: typec: class: Invalidate USB device pointers on partner unregistration<br /> <br /> To avoid using invalid USB device pointers after a Type-C partner<br /> disconnects, this patch clears the pointers upon partner unregistration.<br /> This ensures a clean state for future connections.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()<br /> <br /> Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa<br /> implementation&amp;#39;s -&gt;key_size() callback returns an unusually large value.<br /> Herbert instead suggests (for a division by 8):<br /> <br /> X / 8 + !!(X &amp; 7)<br /> <br /> Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and<br /> use it in lieu of DIV_ROUND_UP() for -&gt;key_size() return values.<br /> <br /> Additionally, use the macro in ecc_digits_from_bytes(), whose "nbytes"<br /> parameter is a -&gt;key_size() return value in some instances, or a<br /> user-specified ASN.1 length in the case of ecdsa_get_signature_rs().

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> USB: wdm: close race between wdm_open and wdm_wwan_port_stop<br /> <br /> Clearing WDM_WWAN_IN_USE must be the last action or<br /> we can open a chardev whose URBs are still poisoned

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: phy: leds: fix memory leak<br /> <br /> A network restart test on a router led to an out-of-memory condition,<br /> which was traced to a memory leak in the PHY LED trigger code.<br /> <br /> The root cause is misuse of the devm API. The registration function<br /> (phy_led_triggers_register) is called from phy_attach_direct, not<br /> phy_probe, and the unregister function (phy_led_triggers_unregister)<br /> is called from phy_detach, not phy_remove. This means the register and<br /> unregister functions can be called multiple times for the same PHY<br /> device, but devm-allocated memory is not freed until the driver is<br /> unbound.<br /> <br /> This also prevents kmemleak from detecting the leak, as the devm API<br /> internally stores the allocated pointer.<br /> <br /> Fix this by replacing devm_kzalloc/devm_kcalloc with standard<br /> kzalloc/kcalloc, and add the corresponding kfree calls in the unregister<br /> path.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()<br /> <br /> The function brcmf_usb_dl_writeimage() calls the function<br /> brcmf_usb_dl_cmd() but dose not check its return value. The<br /> &amp;#39;state.state&amp;#39; and the &amp;#39;state.bytes&amp;#39; are uninitialized if the<br /> function brcmf_usb_dl_cmd() fails. It is dangerous to use<br /> uninitialized variables in the conditions.<br /> <br /> Add error handling for brcmf_usb_dl_cmd() to jump to error<br /> handling path if the brcmf_usb_dl_cmd() fails and the<br /> &amp;#39;state.state&amp;#39; and the &amp;#39;state.bytes&amp;#39; are uninitialized.<br /> <br /> Improve the error message to report more detailed error<br /> information.