Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> jbd2: remove wrong sb-&gt;s_sequence check<br /> <br /> Journal emptiness is not determined by sb-&gt;s_sequence == 0 but rather by<br /> sb-&gt;s_start == 0 (which is set a few lines above). Furthermore 0 is a<br /> valid transaction ID so the check can spuriously trigger. Remove the<br /> invalid WARN_ON.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()<br /> <br /> Two WARNINGs are observed when SMMU driver rolls back upon failure:<br /> arm-smmu-v3.9.auto: Failed to register iommu<br /> arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed with error -22<br /> ------------[ cut here ]------------<br /> WARNING: CPU: 5 PID: 1 at kernel/dma/mapping.c:74 dmam_free_coherent+0xc0/0xd8<br /> Call trace:<br /> dmam_free_coherent+0xc0/0xd8 (P)<br /> tegra241_vintf_free_lvcmdq+0x74/0x188<br /> tegra241_cmdqv_remove_vintf+0x60/0x148<br /> tegra241_cmdqv_remove+0x48/0xc8<br /> arm_smmu_impl_remove+0x28/0x60<br /> devm_action_release+0x1c/0x40<br /> ------------[ cut here ]------------<br /> 128 pages are still in use!<br /> WARNING: CPU: 16 PID: 1 at mm/page_alloc.c:6902 free_contig_range+0x18c/0x1c8<br /> Call trace:<br /> free_contig_range+0x18c/0x1c8 (P)<br /> cma_release+0x154/0x2f0<br /> dma_free_contiguous+0x38/0xa0<br /> dma_direct_free+0x10c/0x248<br /> dma_free_attrs+0x100/0x290<br /> dmam_free_coherent+0x78/0xd8<br /> tegra241_vintf_free_lvcmdq+0x74/0x160<br /> tegra241_cmdqv_remove+0x98/0x198<br /> arm_smmu_impl_remove+0x28/0x60<br /> devm_action_release+0x1c/0x40<br /> <br /> This is because the LVCMDQ queue memory are managed by devres, while that<br /> dmam_free_coherent() is called in the context of devm_action_release().<br /> <br /> Jason pointed out that "arm_smmu_impl_probe() has mis-ordered the devres<br /> callbacks if ops-&gt;device_remove() is going to be manually freeing things<br /> that probe allocated":<br /> https://lore.kernel.org/linux-iommu/20250407174408.GB1722458@nvidia.com/<br /> <br /> In fact, tegra241_cmdqv_init_structures() only allocates memory resources<br /> which means any failure that it generates would be similar to -ENOMEM, so<br /> there is no point in having that "falling back to standard SMMU" routine,<br /> as the standard SMMU would likely fail to allocate memory too.<br /> <br /> Remove the unwind part in tegra241_cmdqv_init_structures(), and return a<br /> proper error code to ask SMMU driver to call tegra241_cmdqv_remove() via<br /> impl_ops-&gt;device_remove(). Then, drop tegra241_vintf_free_lvcmdq() since<br /> devres will take care of that.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: fsl-qspi: use devm function instead of driver remove<br /> <br /> Driver use devm APIs to manage clk/irq/resources and register the spi<br /> controller, but the legacy remove function will be called first during<br /> device detach and trigger kernel panic. Drop the remove function and use<br /> devm_add_action_or_reset() for driver cleanup to ensure the release<br /> sequence.<br /> <br /> Trigger kernel panic on i.MX8MQ by<br /> echo 30bb0000.spi &gt;/sys/bus/platform/drivers/fsl-quadspi/unbind

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> pm: cpupower: bench: Prevent NULL dereference on malloc failure<br /> <br /> If malloc returns NULL due to low memory, &amp;#39;config&amp;#39; pointer can be NULL.<br /> Add a check to prevent NULL dereference.

The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init() function. This makes it possible for unauthenticated attackers to change any user&amp;#39;s passwords, including administrators if the users email is known.

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the &amp;#39;zetra_languageUpload&amp;#39; and &amp;#39;zetra_fontsUpload&amp;#39; functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site&amp;#39;s server which may make remote code execution possible.

A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument plan leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=save_payment. The manipulation of the argument registration_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server.<br /> <br /> This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. <br /> <br /> Logview is accessible on Pro Cloud Server Configuration interface. <br /> <br /> <br /> This issue affects Pro Cloud Server: earlier than 6.0.165.

Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password. <br /> This issue affects Pro Cloud Server: earlier than 6.0.165.

Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server&amp;#39;s WebEA model search field allows Cross-Site Scripting (XSS). <br /> This issue affects Pro Cloud Server: earlier than 6.0.165.