Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with different criteria available to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-50025

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

scsi: fnic: Move flush_work initialization out of if block

After commit 379a58caa199 ("scsi: fnic: Move fnic_fnic_flush_tx() to a work queue"), it can happen that a work item is sent to an uninitialized work queue. This may have the effect that the item being queued is never actually queued, and any further actions depending on it will not proceed.

The following warning is observed while the fnic driver is loaded:

kernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410
kernel:
kernel: queue_work_on+0x3a/0x50
kernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]
kernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]
kernel: __handle_irq_event_percpu+0x36/0x1a0
kernel: handle_irq_event_percpu+0x30/0x70
kernel: handle_irq_event+0x34/0x60
kernel: handle_edge_irq+0x7e/0x1a0
kernel: __common_interrupt+0x3b/0xb0
kernel: common_interrupt+0x58/0xa0
kernel:

It has been observed that this may break the rediscovery of Fibre Channel devices after a temporary fabric failure.

This patch fixes it by moving the work queue initialization out of an if block in fnic_probe().
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2024

CVE-2024-50026

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

scsi: wd33c93: Don't use stale scsi_pointer value

A regression was introduced with commit dbb2da557a6a ("scsi: wd33c93: Move the SCSI pointer to private command data") which results in an oops in wd33c93_intr(). That commit added the scsi_pointer variable and initialized it from hostdata->connected. However, during selection, hostdata->connected is not yet valid. Fix this by getting the current scsi_pointer from hostdata->selecting.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-48597

Publication date:
21/10/2024
Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-31007

Publication date:
21/10/2024
Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-46326

Publication date:
21/10/2024
Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-47189

Publication date:
21/10/2024
The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-47223

Publication date:
21/10/2024
A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-47912

Publication date:
21/10/2024
A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-48509

Publication date:
21/10/2024
Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2022-49019

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: nixge: fix NULL dereference

In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init().

Move for() loop with priv->rx_bd_v dereference under the check for its validity.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2024

CVE-2022-49020

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

net/9p: Fix a potential socket leak in p9_socket_open

Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the csocket, which will result in a socket leak.

This patch adds sock_release() to fix the leak issue.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2024

CVE-2022-49021

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

net: phy: fix null-ptr-deref while probe() failed

I got a null-ptr-deref report as following when doing fault injection test:

BUG: kernel NULL pointer dereference, address: 0000000000000058
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:klist_put+0x2d/0xd0
Call Trace:

klist_remove+0xf1/0x1c0
device_release_driver_internal+0x23e/0x2d0
bus_remove_device+0x1bd/0x240
device_del+0x357/0x770
phy_device_remove+0x11/0x30
mdiobus_unregister+0xa5/0x140
release_nodes+0x6a/0xa0
devres_release_all+0xf8/0x150
device_unbind_cleanup+0x19/0xd0

//probe path:
phy_device_register()
device_add()

phy_connect
phy_attach_direct() //set device driver
probe() //it's failed, driver is not bound
device_bind_driver() // probe failed, it's not called

//remove path:
phy_device_remove()
device_del()
device_release_driver_internal()
__device_release_driver() //dev->drv is not NULL
klist_remove() driver', probe() fails, device_bind_driver() is not called, so the knode_driver->n_klist is not set, then it causes null-ptr-deref in __device_release_driver() while deleting device. Fix this by setting dev->driver to NULL in the error path in phy_attach_direct().
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2024