Vulnerabilidades

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> NFSD: Avoid calling OPDESC() with ops-&gt;opnum == OP_ILLEGAL<br /> <br /> OPDESC() simply indexes into nfsd4_ops[] by the op&amp;#39;s operation<br /> number, without range checking that value. It assumes callers are<br /> careful to avoid calling it with an out-of-bounds opnum value.<br /> <br /> nfsd4_decode_compound() is not so careful, and can invoke OPDESC()<br /> with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end<br /> of nfsd4_ops[].

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent<br /> <br /> In some specific situations, the return value of __bch_btree_node_alloc<br /> may be NULL. This may lead to a potential NULL pointer dereference in<br /> caller function like a calling chain :<br /> btree_split-&gt;bch_btree_node_alloc-&gt;__bch_btree_node_alloc.<br /> <br /> Fix it by initializing the return value in __bch_btree_node_alloc.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hwmon: (xgene) Fix ioremap and memremap leak<br /> <br /> Smatch reports:<br /> <br /> drivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn:<br /> &amp;#39;ctx-&gt;pcc_comm_addr&amp;#39; from ioremap() not released on line: 757.<br /> <br /> This is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(),<br /> ioremap and memremap is not released, which may cause a leak.<br /> <br /> To fix this, ioremap and memremap is modified to devm_ioremap and<br /> devm_memremap.<br /> <br /> [groeck: Fixed formatting and subject]

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()<br /> <br /> syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for<br /> crafted filesystem image can contain bogus length. There conditions are<br /> not kernel bugs that can justify kernel to panic.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfrm: Zero padding when dumping algos and encap<br /> <br /> When copying data to user-space we should ensure that only valid<br /> data is copied over. Padding in structures may be filled with<br /> random (possibly sensitve) data and should never be given directly<br /> to user-space.<br /> <br /> This patch fixes the copying of xfrm algorithms and the encap<br /> template in xfrm_user so that padding is zeroed.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tun: Fix memory leak for detached NAPI queue.<br /> <br /> syzkaller reported [0] memory leaks of sk and skb related to the TUN<br /> device with no repro, but we can reproduce it easily with:<br /> <br /> struct ifreq ifr = {}<br /> int fd_tun, fd_tmp;<br /> char buf[4] = {};<br /> <br /> fd_tun = openat(AT_FDCWD, "/dev/net/tun", O_WRONLY, 0);<br /> ifr.ifr_flags = IFF_TUN | IFF_NAPI | IFF_MULTI_QUEUE;<br /> ioctl(fd_tun, TUNSETIFF, &amp;ifr);<br /> <br /> ifr.ifr_flags = IFF_DETACH_QUEUE;<br /> ioctl(fd_tun, TUNSETQUEUE, &amp;ifr);<br /> <br /> fd_tmp = socket(AF_PACKET, SOCK_PACKET, 0);<br /> ifr.ifr_flags = IFF_UP;<br /> ioctl(fd_tmp, SIOCSIFFLAGS, &amp;ifr);<br /> <br /> write(fd_tun, buf, sizeof(buf));<br /> close(fd_tun);<br /> <br /> If we enable NAPI and multi-queue on a TUN device, we can put skb into<br /> tfile-&gt;sk.sk_write_queue after the queue is detached. We should prevent<br /> it by checking tfile-&gt;detached before queuing skb.<br /> <br /> Note this must be done under tfile-&gt;sk.sk_write_queue.lock because write()<br /> and ioctl(IFF_DETACH_QUEUE) can run concurrently. Otherwise, there would<br /> be a small race window:<br /> <br /> write() ioctl(IFF_DETACH_QUEUE)<br /> `- tun_get_user `- __tun_detach<br /> |- if (tfile-&gt;detached) |- tun_disable_queue<br /> | `-&gt; false | `- tfile-&gt;detached = tun<br /> | `- tun_queue_purge<br /> |- spin_lock_bh(&amp;queue-&gt;lock)<br /> `- __skb_queue_tail(queue, skb)<br /> <br /> Another solution is to call tun_queue_purge() when closing and<br /> reattaching the detached queue, but it could paper over another<br /> problems. Also, we do the same kind of test for IFF_NAPI_FRAGS.<br /> <br /> [0]:<br /> unreferenced object 0xffff88801edbc800 (size 2048):<br /> comm "syz-executor.1", pid 33269, jiffies 4295743834 (age 18.756s)<br /> hex dump (first 32 bytes):<br /> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> 00 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............<br /> backtrace:<br /> [] __do_kmalloc_node mm/slab_common.c:965 [inline]<br /> [] __kmalloc+0x4a/0x130 mm/slab_common.c:979<br /> [] kmalloc include/linux/slab.h:563 [inline]<br /> [] sk_prot_alloc+0xef/0x1b0 net/core/sock.c:2035<br /> [] sk_alloc+0x36/0x2f0 net/core/sock.c:2088<br /> [] tun_chr_open+0x3d/0x190 drivers/net/tun.c:3438<br /> [] misc_open+0x1a6/0x1f0 drivers/char/misc.c:165<br /> [] chrdev_open+0x111/0x300 fs/char_dev.c:414<br /> [] do_dentry_open+0x2f9/0x750 fs/open.c:920<br /> [] do_open fs/namei.c:3636 [inline]<br /> [] path_openat+0x143f/0x1a30 fs/namei.c:3791<br /> [] do_filp_open+0xce/0x1c0 fs/namei.c:3818<br /> [] do_sys_openat2+0xf0/0x260 fs/open.c:1356<br /> [] do_sys_open fs/open.c:1372 [inline]<br /> [] __do_sys_openat fs/open.c:1388 [inline]<br /> [] __se_sys_openat fs/open.c:1383 [inline]<br /> [] __x64_sys_openat+0x83/0xf0 fs/open.c:1383<br /> [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> [] do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80<br /> [] entry_SYSCALL_64_after_hwframe+0x72/0xdc<br /> <br /> unreferenced object 0xffff88802f671700 (size 240):<br /> comm "syz-executor.1", pid 33269, jiffies 4295743854 (age 18.736s)<br /> hex dump (first 32 bytes):<br /> 68 c9 db 1e 80 88 ff ff 68 c9 db 1e 80 88 ff ff h.......h.......<br /> 00 c0 7b 2f 80 88 ff ff 00 c8 db 1e 80 88 ff ff ..{/............<br /> backtrace:<br /> [] __alloc_skb+0x223/0x250 net/core/skbuff.c:644<br /> [] alloc_skb include/linux/skbuff.h:1288 [inline]<br /> [] alloc_skb_with_frags+0x6f/0x350 net/core/skbuff.c:6378<br /> [] sock_alloc_send_pskb+0x3ac/0x3e0 net/core/sock.c:2729<br /> [] tun_alloc_skb drivers/net/tun.c:1529 [inline]<br /> [

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/handshake: fix null-ptr-deref in handshake_nl_done_doit()<br /> <br /> We should not call trace_handshake_cmd_done_err() if socket lookup has failed.<br /> <br /> Also we should call trace_handshake_cmd_done_err() before releasing the file,<br /> otherwise dereferencing sock-&gt;sk can return garbage.<br /> <br /> This also reverts 7afc6d0a107f ("net/handshake: Fix uninitialized local variable")<br /> <br /> Unable to handle kernel paging request at virtual address dfff800000000003<br /> KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]<br /> Mem abort info:<br /> ESR = 0x0000000096000005<br /> EC = 0x25: DABT (current EL), IL = 32 bits<br /> SET = 0, FnV = 0<br /> EA = 0, S1PTW = 0<br /> FSC = 0x05: level 1 translation fault<br /> Data abort info:<br /> ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000<br /> CM = 0, WnR = 0, TnD = 0, TagAccess = 0<br /> GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0<br /> [dfff800000000003] address between user and kernel address ranges<br /> Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP<br /> Modules linked in:<br /> CPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023<br /> pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193<br /> lr : handshake_nl_done_doit+0x180/0x9c8<br /> sp : ffff800096e37180<br /> x29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000<br /> x26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8<br /> x23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000<br /> x20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000<br /> x17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001<br /> x14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000<br /> x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003<br /> x8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000<br /> x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078<br /> x2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000<br /> Call trace:<br /> handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193<br /> genl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]<br /> genl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]<br /> genl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067<br /> netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549<br /> genl_rcv+0x38/0x50 net/netlink/genetlink.c:1078<br /> netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]<br /> netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365<br /> netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914<br /> sock_sendmsg_nosec net/socket.c:725 [inline]<br /> sock_sendmsg net/socket.c:748 [inline]<br /> ____sys_sendmsg+0x56c/0x840 net/socket.c:2494<br /> ___sys_sendmsg net/socket.c:2548 [inline]<br /> __sys_sendmsg+0x26c/0x33c net/socket.c:2577<br /> __do_sys_sendmsg net/socket.c:2586 [inline]<br /> __se_sys_sendmsg net/socket.c:2584 [inline]<br /> __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584<br /> __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]<br /> invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51<br /> el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136<br /> do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155<br /> el0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678<br /> el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696<br /> el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591<br /> Code: 12800108 b90043e8 910062b3 d343fe68 (387b6908)

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL<br /> <br /> Commit 994f706872e6 ("srcu: Make Tree SRCU able to operate without<br /> snp_node array") assumes that cpu 0 is always online. However, there<br /> really are situations when some other CPU is the boot CPU, for example,<br /> when booting a kdump kernel with the maxcpus=1 boot parameter.<br /> <br /> On PowerPC, the kdump kernel can hang as follows:<br /> ...<br /> [ 1.740036] systemd[1]: Hostname set to <br /> [ 243.686240] INFO: task systemd:1 blocked for more than 122 seconds.<br /> [ 243.686264] Not tainted 6.1.0-rc1 #1<br /> [ 243.686272] "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> [ 243.686281] task:systemd state:D stack:0 pid:1 ppid:0 flags:0x00042000<br /> [ 243.686296] Call Trace:<br /> [ 243.686301] [c000000016657640] [c000000016657670] 0xc000000016657670 (unreliable)<br /> [ 243.686317] [c000000016657830] [c00000001001dec0] __switch_to+0x130/0x220<br /> [ 243.686333] [c000000016657890] [c000000010f607b8] __schedule+0x1f8/0x580<br /> [ 243.686347] [c000000016657940] [c000000010f60bb4] schedule+0x74/0x140<br /> [ 243.686361] [c0000000166579b0] [c000000010f699b8] schedule_timeout+0x168/0x1c0<br /> [ 243.686374] [c000000016657a80] [c000000010f61de8] __wait_for_common+0x148/0x360<br /> [ 243.686387] [c000000016657b20] [c000000010176bb0] __flush_work.isra.0+0x1c0/0x3d0<br /> [ 243.686401] [c000000016657bb0] [c0000000105f2768] fsnotify_wait_marks_destroyed+0x28/0x40<br /> [ 243.686415] [c000000016657bd0] [c0000000105f21b8] fsnotify_destroy_group+0x68/0x160<br /> [ 243.686428] [c000000016657c40] [c0000000105f6500] inotify_release+0x30/0xa0<br /> [ 243.686440] [c000000016657cb0] [c0000000105751a8] __fput+0xc8/0x350<br /> [ 243.686452] [c000000016657d00] [c00000001017d524] task_work_run+0xe4/0x170<br /> [ 243.686464] [c000000016657d50] [c000000010020e94] do_notify_resume+0x134/0x140<br /> [ 243.686478] [c000000016657d80] [c00000001002eb18] interrupt_exit_user_prepare_main+0x198/0x270<br /> [ 243.686493] [c000000016657de0] [c00000001002ec60] syscall_exit_prepare+0x70/0x180<br /> [ 243.686505] [c000000016657e10] [c00000001000bf7c] system_call_vectored_common+0xfc/0x280<br /> [ 243.686520] --- interrupt: 3000 at 0x7fffa47d5ba4<br /> [ 243.686528] NIP: 00007fffa47d5ba4 LR: 0000000000000000 CTR: 0000000000000000<br /> [ 243.686538] REGS: c000000016657e80 TRAP: 3000 Not tainted (6.1.0-rc1)<br /> [ 243.686548] MSR: 800000000000d033 CR: 42044440 XER: 00000000<br /> [ 243.686572] IRQMASK: 0<br /> [ 243.686572] GPR00: 0000000000000006 00007ffffa606710 00007fffa48e7200 0000000000000000<br /> [ 243.686572] GPR04: 0000000000000002 000000000000000a 0000000000000000 0000000000000001<br /> [ 243.686572] GPR08: 000001000c172dd0 0000000000000000 0000000000000000 0000000000000000<br /> [ 243.686572] GPR12: 0000000000000000 00007fffa4ff4bc0 0000000000000000 0000000000000000<br /> [ 243.686572] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000<br /> [ 243.686572] GPR20: 0000000132dfdc50 000000000000000e 0000000000189375 0000000000000000<br /> [ 243.686572] GPR24: 00007ffffa606ae0 0000000000000005 000001000c185490 000001000c172570<br /> [ 243.686572] GPR28: 000001000c172990 000001000c184850 000001000c172e00 00007fffa4fedd98<br /> [ 243.686683] NIP [00007fffa47d5ba4] 0x7fffa47d5ba4<br /> [ 243.686691] LR [0000000000000000] 0x0<br /> [ 243.686698] --- interrupt: 3000<br /> [ 243.686708] INFO: task kworker/u16:1:24 blocked for more than 122 seconds.<br /> [ 243.686717] Not tainted 6.1.0-rc1 #1<br /> [ 243.686724] "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> [ 243.686733] task:kworker/u16:1 state:D stack:0 pid:24 ppid:2 flags:0x00000800<br /> [ 243.686747] Workqueue: events_unbound fsnotify_mark_destroy_workfn<br /> [ 243.686758] Call Trace:<br /> [ 243.686762] [c0000000166736e0] [c00000004fd91000] 0xc00000004fd91000 (unreliable)<br /> [ 243.686775] [c0000000166738d0] [c00000001001dec0] __switch_to+0x130/0x220<br /> [ 243.686788] [c000000016673930] [c000000010f607b8] __schedule+0x1f8/0x<br /> ---truncated---

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: output extra debug info if we failed to find an inline backref<br /> <br /> [BUG]<br /> Syzbot reported several warning triggered inside<br /> lookup_inline_extent_backref().<br /> <br /> [CAUSE]<br /> As usual, the reproducer doesn&amp;#39;t reliably trigger locally here, but at<br /> least we know the WARN_ON() is triggered when an inline backref can not<br /> be found, and it can only be triggered when @insert is true. (I.e.<br /> inserting a new inline backref, which means the backref should already<br /> exist)<br /> <br /> [ENHANCEMENT]<br /> After the WARN_ON(), dump all the parameters and the extent tree<br /> leaf to help debug.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: hci_event: call disconnect callback before deleting conn<br /> <br /> In hci_cs_disconnect, we do hci_conn_del even if disconnection failed.<br /> <br /> ISO, L2CAP and SCO connections refer to the hci_conn without<br /> hci_conn_get, so disconn_cfm must be called so they can clean up their<br /> conn, otherwise use-after-free occurs.<br /> <br /> ISO:<br /> ==========================================================<br /> iso_sock_connect:880: sk 00000000eabd6557<br /> iso_connect_cis:356: 70:1a:b8:98:ff:a2 -&gt; 28:3d:c2:4a:7e:da<br /> ...<br /> iso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073<br /> hci_dev_put:1487: hci0 orig refcnt 17<br /> __iso_chan_add:214: conn 00000000b6251073<br /> iso_sock_clear_timer:117: sock 00000000eabd6557 state 3<br /> ...<br /> hci_rx_work:4085: hci0 Event packet<br /> hci_event_packet:7601: hci0: event 0x0f<br /> hci_cmd_status_evt:4346: hci0: opcode 0x0406<br /> hci_cs_disconnect:2760: hci0: status 0x0c<br /> hci_sent_cmd_data:3107: hci0 opcode 0x0406<br /> hci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560<br /> hci_conn_unlink:1102: hci0: hcon 000000001696f1fd<br /> hci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2<br /> hci_chan_list_flush:2780: hcon 000000001696f1fd<br /> hci_dev_put:1487: hci0 orig refcnt 21<br /> hci_dev_put:1487: hci0 orig refcnt 20<br /> hci_req_cmd_complete:3978: opcode 0x0406 status 0x0c<br /> ... ...<br /> iso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557<br /> BUG: kernel NULL pointer dereference, address: 0000000000000668<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] PREEMPT SMP PTI<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014<br /> RIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth<br /> ==========================================================<br /> <br /> L2CAP:<br /> ==================================================================<br /> hci_cmd_status_evt:4359: hci0: opcode 0x0406<br /> hci_cs_disconnect:2760: hci0: status 0x0c<br /> hci_sent_cmd_data:3085: hci0 opcode 0x0406<br /> hci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585<br /> hci_conn_unlink:1102: hci0: hcon ffff88800c999000<br /> hci_chan_list_flush:2780: hcon ffff88800c999000<br /> hci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280<br /> ...<br /> BUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]<br /> Read of size 8 at addr ffff888018ddd298 by task bluetoothd/1175<br /> <br /> CPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x5b/0x90<br /> print_report+0xcf/0x670<br /> ? __virt_addr_valid+0xf8/0x180<br /> ? hci_send_acl+0x2d/0x540 [bluetooth]<br /> kasan_report+0xa8/0xe0<br /> ? hci_send_acl+0x2d/0x540 [bluetooth]<br /> hci_send_acl+0x2d/0x540 [bluetooth]<br /> ? __pfx___lock_acquire+0x10/0x10<br /> l2cap_chan_send+0x1fd/0x1300 [bluetooth]<br /> ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]<br /> ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]<br /> ? lock_release+0x1d5/0x3c0<br /> ? mark_held_locks+0x1a/0x90<br /> l2cap_sock_sendmsg+0x100/0x170 [bluetooth]<br /> sock_write_iter+0x275/0x280<br /> ? __pfx_sock_write_iter+0x10/0x10<br /> ? __pfx___lock_acquire+0x10/0x10<br /> do_iter_readv_writev+0x176/0x220<br /> ? __pfx_do_iter_readv_writev+0x10/0x10<br /> ? find_held_lock+0x83/0xa0<br /> ? selinux_file_permission+0x13e/0x210<br /> do_iter_write+0xda/0x340<br /> vfs_writev+0x1b4/0x400<br /> ? __pfx_vfs_writev+0x10/0x10<br /> ? __seccomp_filter+0x112/0x750<br /> ? populate_seccomp_data+0x182/0x220<br /> ? __fget_light+0xdf/0x100<br /> ? do_writev+0x19d/0x210<br /> do_writev+0x19d/0x210<br /> ? __pfx_do_writev+0x10/0x10<br /> ? mark_held_locks+0x1a/0x90<br /> do_syscall_64+0x60/0x90<br /> ? lockdep_hardirqs_on_prepare+0x149/0x210<br /> ? do_syscall_64+0x6c/0x90<br /> ? lockdep_hardirqs_on_prepare+0x149/0x210<br /> entry_SYSCALL_64_after_hwframe+0x72/0xdc<br /> RIP: 0033:0x7ff45cb23e64<br /> Code: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89<br /> RSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014<br /> RAX: ffffffffffffffda RBX: <br /> ---truncated---

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clk: Fix memory leak in devm_clk_notifier_register()<br /> <br /> devm_clk_notifier_register() allocates a devres resource for clk<br /> notifier but didn&amp;#39;t register that to the device, so the notifier didn&amp;#39;t<br /> get unregistered on device detach and the allocated resource was leaked.<br /> <br /> Fix the issue by registering the resource through devres_add().<br /> <br /> This issue was found with kmemleak on a Chromebook.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: ses: Fix possible desc_ptr out-of-bounds accesses<br /> <br /> Sanitize possible desc_ptr out-of-bounds accesses in<br /> ses_enclosure_data_process().