Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> regulator: dummy: force synchronous probing<br /> <br /> Sometimes I get a NULL pointer dereference at boot time in kobject_get()<br /> with the following call stack:<br /> <br /> anatop_regulator_probe()<br /> devm_regulator_register()<br /> regulator_register()<br /> regulator_resolve_supply()<br /> kobject_get()<br /> <br /> By placing some extra BUG_ON() statements I could verify that this is<br /> raised because probing of the &amp;#39;dummy&amp;#39; regulator driver is not completed<br /> (&amp;#39;dummy_regulator_rdev&amp;#39; is still NULL).<br /> <br /> In the JTAG debugger I can see that dummy_regulator_probe() and<br /> anatop_regulator_probe() can be run by different kernel threads<br /> (kworker/u4:*). I haven&amp;#39;t further investigated whether this can be<br /> changed or if there are other possibilities to force synchronization<br /> between these two probe routines. On the other hand I don&amp;#39;t expect much<br /> boot time penalty by probing the &amp;#39;dummy&amp;#39; regulator synchronously.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> regulator: check that dummy regulator has been probed before using it<br /> <br /> Due to asynchronous driver probing there is a chance that the dummy<br /> regulator hasn&amp;#39;t already been probed when first accessing it.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/hns: Fix soft lockup during bt pages loop<br /> <br /> Driver runs a for-loop when allocating bt pages and mapping them with<br /> buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,<br /> it may require a considerable loop count. This will lead to soft lockup:<br /> <br /> watchdog: BUG: soft lockup - CPU#27 stuck for 22s!<br /> ...<br /> Call trace:<br /> hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]<br /> hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]<br /> hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]<br /> alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]<br /> hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]<br /> ib_uverbs_reg_mr+0x118/0x290<br /> <br /> watchdog: BUG: soft lockup - CPU#35 stuck for 23s!<br /> ...<br /> Call trace:<br /> hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]<br /> mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]<br /> hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]<br /> alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]<br /> hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]<br /> ib_uverbs_reg_mr+0x120/0x2bc<br /> <br /> Add a cond_resched() to fix soft lockup during these loops. In order not<br /> to affect the allocation performance of normal-size buffer, set the loop<br /> count of a 100GB MR as the threshold to call cond_resched().

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link.

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated attacker could be able to set the password to an attacker-controlled value.

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker it to access arbitrary files on the device with root privileges.

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh.

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time.