Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: use memtostr_pad() for s_volume_name<br /> <br /> As with the other strings in struct ext4_super_block, s_volume_name is<br /> not NUL terminated. The other strings were marked in commit 072ebb3bffe6<br /> ("ext4: add nonstring annotations to ext4.h"). Using strscpy() isn&amp;#39;t<br /> the right replacement for strncpy(); it should use memtostr_pad()<br /> instead.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> closures: Change BUG_ON() to WARN_ON()<br /> <br /> If a BUG_ON() can be hit in the wild, it shouldn&amp;#39;t be a BUG_ON()<br /> <br /> For reference, this has popped up once in the CI, and we&amp;#39;ll need more<br /> info to debug it:<br /> <br /> 03240 ------------[ cut here ]------------<br /> 03240 kernel BUG at lib/closure.c:21!<br /> 03240 kernel BUG at lib/closure.c:21!<br /> 03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP<br /> 03240 Modules linked in:<br /> 03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not tainted 6.10.0-rc4-ktest-ga56da69799bd #25570<br /> 03240 Hardware name: linux,dummy-virt (DT)<br /> 03240 Workqueue: btree_update btree_interior_update_work<br /> 03240 pstate: 00001005 (nzcv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)<br /> 03240 pc : closure_put+0x224/0x2a0<br /> 03240 lr : closure_put+0x24/0x2a0<br /> 03240 sp : ffff0000d12071c0<br /> 03240 x29: ffff0000d12071c0 x28: dfff800000000000 x27: ffff0000d1207360<br /> 03240 x26: 0000000000000040 x25: 0000000000000040 x24: 0000000000000040<br /> 03240 x23: ffff0000c1f20180 x22: 0000000000000000 x21: ffff0000c1f20168<br /> 03240 x20: 0000000040000000 x19: ffff0000c1f20140 x18: 0000000000000001<br /> 03240 x17: 0000000000003aa0 x16: 0000000000003ad0 x15: 1fffe0001c326974<br /> 03240 x14: 0000000000000a1e x13: 0000000000000000 x12: 1fffe000183e402d<br /> 03240 x11: ffff6000183e402d x10: dfff800000000000 x9 : ffff6000183e402e<br /> 03240 x8 : 0000000000000001 x7 : 00009fffe7c1bfd3 x6 : ffff0000c1f2016b<br /> 03240 x5 : ffff0000c1f20168 x4 : ffff6000183e402e x3 : ffff800081391954<br /> 03240 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000a8000000<br /> 03240 Call trace:<br /> 03240 closure_put+0x224/0x2a0<br /> 03240 bch2_check_for_deadlock+0x910/0x1028<br /> 03240 bch2_six_check_for_deadlock+0x1c/0x30<br /> 03240 six_lock_slowpath.isra.0+0x29c/0xed0<br /> 03240 six_lock_ip_waiter+0xa8/0xf8<br /> 03240 __bch2_btree_node_lock_write+0x14c/0x298<br /> 03240 bch2_trans_lock_write+0x6d4/0xb10<br /> 03240 __bch2_trans_commit+0x135c/0x5520<br /> 03240 btree_interior_update_work+0x1248/0x1c10<br /> 03240 process_scheduled_works+0x53c/0xd90<br /> 03240 worker_thread+0x370/0x8c8<br /> 03240 kthread+0x258/0x2e8<br /> 03240 ret_from_fork+0x10/0x20<br /> 03240 Code: aa1303e0 d63f0020 a94363f7 17ffff8c (d4210000)<br /> 03240 ---[ end trace 0000000000000000 ]---<br /> 03240 Kernel panic - not syncing: Oops - BUG: Fatal exception<br /> 03240 SMP: stopping secondary CPUs<br /> 03241 SMP: failed to stop secondary CPUs 13,15<br /> 03241 Kernel Offset: disabled<br /> 03241 CPU features: 0x00,00000003,80000008,4240500b<br /> 03241 Memory Limit: none<br /> 03241 ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]---<br /> 03246 ========= FAILED TIMEOUT copygc_torture_no_checksum in 7200s

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> gpio: pca953x: fix pca953x_irq_bus_sync_unlock race<br /> <br /> Ensure that `i2c_lock&amp;#39; is held when setting interrupt latch and mask in<br /> pca953x_irq_bus_sync_unlock() in order to avoid races.<br /> <br /> The other (non-probe) call site pca953x_gpio_set_multiple() ensures the<br /> lock is held before calling pca953x_write_regs().<br /> <br /> The problem occurred when a request raced against irq_bus_sync_unlock()<br /> approximately once per thousand reboots on an i.MX8MP based system.<br /> <br /> * Normal case<br /> <br /> 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0<br /> 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0<br /> 0-0022: write register AI|08 {ff,00,00,00,00} Output P3<br /> 0-0022: write register AI|12 {fc,00,00,00,00} Config P3<br /> <br /> * Race case<br /> <br /> 0-0022: write register AI|08 {ff,00,00,00,00} Output P3<br /> 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***<br /> 0-0022: write register AI|12 {fc,00,00,00,00} Config P3<br /> 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0

Access permission verification vulnerability in the content sharing pop-up module<br /> Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Access permission verification vulnerability in the Settings module.<br /> Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Access permission verification vulnerability in the Contacts module<br /> Impact: Successful exploitation of this vulnerability may affect service confidentiality.

There is a permission and access control vulnerability of ZTE&amp;#39;s ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.

Permission verification vulnerability in the lock screen module<br /> Impact: Successful exploitation of this vulnerability may affect availability

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the &amp;#39;order&amp;#39; parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the &amp;#39;check_temp_validity&amp;#39; and &amp;#39;update_template_title&amp;#39; functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles.

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the &amp;#39;id&amp;#39; parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.