Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()<br /> <br /> We are seeing crashes similar to the following trace:<br /> <br /> [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_group+0x2dc/0x340 [btrfs]<br /> [38.973556] CPU: 20 PID: 2105 Comm: btrfs Not tainted 5.17.0-rc4 #54<br /> [38.974580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014<br /> [38.976539] RIP: 0010:btrfs_relocate_block_group+0x2dc/0x340 [btrfs]<br /> [38.980336] RSP: 0000:ffffb0dd42e03c20 EFLAGS: 00010206<br /> [38.981218] RAX: ffff96cfc4ede800 RBX: ffff96cfc3ce0000 RCX: 000000000002ca14<br /> [38.982560] RDX: 0000000000000000 RSI: 4cfd109a0bcb5d7f RDI: ffff96cfc3ce0360<br /> [38.983619] RBP: ffff96cfc309c000 R08: 0000000000000000 R09: 0000000000000000<br /> [38.984678] R10: ffff96cec0000001 R11: ffffe84c80000000 R12: ffff96cfc4ede800<br /> [38.985735] R13: 0000000000000000 R14: 0000000000000000 R15: ffff96cfc3ce0360<br /> [38.987146] FS: 00007f11c15218c0(0000) GS:ffff96d6dfb00000(0000) knlGS:0000000000000000<br /> [38.988662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [38.989398] CR2: 00007ffc922c8e60 CR3: 00000001147a6001 CR4: 0000000000370ee0<br /> [38.990279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [38.991219] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> [38.992528] Call Trace:<br /> [38.992854] <br /> [38.993148] btrfs_relocate_chunk+0x27/0xe0 [btrfs]<br /> [38.993941] btrfs_balance+0x78e/0xea0 [btrfs]<br /> [38.994801] ? vsnprintf+0x33c/0x520<br /> [38.995368] ? __kmalloc_track_caller+0x351/0x440<br /> [38.996198] btrfs_ioctl_balance+0x2b9/0x3a0 [btrfs]<br /> [38.997084] btrfs_ioctl+0x11b0/0x2da0 [btrfs]<br /> [38.997867] ? mod_objcg_state+0xee/0x340<br /> [38.998552] ? seq_release+0x24/0x30<br /> [38.999184] ? proc_nr_files+0x30/0x30<br /> [38.999654] ? call_rcu+0xc8/0x2f0<br /> [39.000228] ? __x64_sys_ioctl+0x84/0xc0<br /> [39.000872] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs]<br /> [39.001973] __x64_sys_ioctl+0x84/0xc0<br /> [39.002566] do_syscall_64+0x3a/0x80<br /> [39.003011] entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> [39.003735] RIP: 0033:0x7f11c166959b<br /> [39.007324] RSP: 002b:00007fff2543e998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010<br /> [39.008521] RAX: ffffffffffffffda RBX: 00007f11c1521698 RCX: 00007f11c166959b<br /> [39.009833] RDX: 00007fff2543ea40 RSI: 00000000c4009420 RDI: 0000000000000003<br /> [39.011270] RBP: 0000000000000003 R08: 0000000000000013 R09: 00007f11c16f94e0<br /> [39.012581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff25440df3<br /> [39.014046] R13: 0000000000000000 R14: 00007fff2543ea40 R15: 0000000000000001<br /> [39.015040] <br /> [39.015418] ---[ end trace 0000000000000000 ]---<br /> [43.131559] ------------[ cut here ]------------<br /> [43.132234] kernel BUG at fs/btrfs/extent-tree.c:2717!<br /> [43.133031] invalid opcode: 0000 [#1] PREEMPT SMP PTI<br /> [43.133702] CPU: 1 PID: 1839 Comm: btrfs Tainted: G W 5.17.0-rc4 #54<br /> [43.134863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014<br /> [43.136426] RIP: 0010:unpin_extent_range+0x37a/0x4f0 [btrfs]<br /> [43.139913] RSP: 0000:ffffb0dd4216bc70 EFLAGS: 00010246<br /> [43.140629] RAX: 0000000000000000 RBX: ffff96cfc34490f8 RCX: 0000000000000001<br /> [43.141604] RDX: 0000000080000001 RSI: 0000000051d00000 RDI: 00000000ffffffff<br /> [43.142645] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff96cfd07dca50<br /> [43.143669] R10: ffff96cfc46e8a00 R11: fffffffffffec000 R12: 0000000041d00000<br /> [43.144657] R13: ffff96cfc3ce0000 R14: ffffb0dd4216bd08 R15: 0000000000000000<br /> [43.145686] FS: 00007f7657dd68c0(0000) GS:ffff96d6df640000(0000) knlGS:0000000000000000<br /> [43.146808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [43.147584] CR2: 00007f7fe81bf5b0 CR3: 00000001093ee004 CR4: 0000000000370ee0<br /> [43.148589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [43.149581] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000<br /> ---truncated---

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/amd: Fix I/O page table memory leak<br /> <br /> The current logic updates the I/O page table mode for the domain<br /> before calling the logic to free memory used for the page table.<br /> This results in IOMMU page table memory leak, and can be observed<br /> when launching VM w/ pass-through devices.<br /> <br /> Fix by freeing the memory used for page table before updating the mode.

Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)