Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath11k: add srng-&gt;lock for ath11k_hal_srng_* in monitor mode<br /> <br /> ath11k_hal_srng_* should be used with srng-&gt;lock to protect srng data.<br /> <br /> For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),<br /> they use ath11k_hal_srng_* for many times but never call srng-&gt;lock.<br /> <br /> So when running (full) monitor mode, warning will occur:<br /> RIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]<br /> Call Trace:<br /> ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]<br /> ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]<br /> ? idr_alloc_u32+0x97/0xd0<br /> ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]<br /> ath11k_dp_service_srng+0x289/0x5a0 [ath11k]<br /> ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]<br /> __napi_poll+0x30/0x1f0<br /> net_rx_action+0x198/0x320<br /> __do_softirq+0xdd/0x319<br /> <br /> So add srng-&gt;lock for them to avoid such warnings.<br /> <br /> Inorder to fetch the srng-&gt;lock, should change srng&amp;#39;s definition from<br /> &amp;#39;void&amp;#39; to &amp;#39;struct hal_srng&amp;#39;. And initialize them elsewhere to prevent<br /> one line of code from being too long. This is consistent with other ring<br /> process functions, such as ath11k_dp_process_rx().<br /> <br /> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30<br /> Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath11k: fix RCU stall while reaping monitor destination ring<br /> <br /> While processing the monitor destination ring, MSDUs are reaped from the<br /> link descriptor based on the corresponding buf_id.<br /> <br /> However, sometimes the driver cannot obtain a valid buffer corresponding<br /> to the buf_id received from the hardware. This causes an infinite loop<br /> in the destination processing, resulting in a kernel crash.<br /> <br /> kernel log:<br /> ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309<br /> ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed<br /> ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309<br /> ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed<br /> <br /> Fix this by skipping the problematic buf_id and reaping the next entry,<br /> replacing the break with the next MSDU processing.<br /> <br /> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30<br /> Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans<br /> <br /> There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and<br /> size. This would make xlate_pos negative.<br /> <br /> [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000<br /> [ 23.734158] ================================================================================<br /> [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7<br /> [ 23.734418] shift exponent -1 is negative<br /> <br /> Ensuring xlate_pos is a positive or zero before BIT.

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting wp-ever-accounting allows Cross Site Request Forgery.This issue affects Ever Accounting: from n/a through

URL Redirection to Untrusted Site (&amp;#39;Open Redirect&amp;#39;) vulnerability in Arthur Yarwood Fast eBay Listings fast-ebay-listings allows Phishing.This issue affects Fast eBay Listings: from n/a through

Path Traversal: &amp;#39;.../...//&amp;#39; vulnerability in Quý Lê 91 Administrator Z administrator-z allows Path Traversal.This issue affects Administrator Z: from n/a through