Vulnerabilidades

*** Pendiente de traducción *** Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors.

*** Pendiente de traducción *** Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

*** Pendiente de traducción *** Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

*** Pendiente de traducción *** Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspecified vectors.

*** Pendiente de traducción *** Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

*** Pendiente de traducción *** Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vfat: fix missing sb_min_blocksize() return value checks<br /> <br /> When emulating an nvme device on qemu with both logical_block_size and<br /> physical_block_size set to 8 KiB, but without format, a kernel panic<br /> was triggered during the early boot stage while attempting to mount a<br /> vfat filesystem.<br /> <br /> [95553.682035] EXT4-fs (nvme0n1): unable to set blocksize<br /> [95553.684326] EXT4-fs (nvme0n1): unable to set blocksize<br /> [95553.686501] EXT4-fs (nvme0n1): unable to set blocksize<br /> [95553.696448] ISOFS: unsupported/invalid hardware sector size 8192<br /> [95553.697117] ------------[ cut here ]------------<br /> [95553.697567] kernel BUG at fs/buffer.c:1582!<br /> [95553.697984] Oops: invalid opcode: 0000 [#1] SMP NOPTI<br /> [95553.698602] CPU: 0 UID: 0 PID: 7212 Comm: mount Kdump: loaded Not tainted 6.18.0-rc2+ #38 PREEMPT(voluntary)<br /> [95553.699511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014<br /> [95553.700534] RIP: 0010:folio_alloc_buffers+0x1bb/0x1c0<br /> [95553.701018] Code: 48 8b 15 e8 93 18 02 65 48 89 35 e0 93 18 02 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff c3 cc cc cc cc 0b 90 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f<br /> [95553.702648] RSP: 0018:ffffd1b0c676f990 EFLAGS: 00010246<br /> [95553.703132] RAX: ffff8cfc4176d820 RBX: 0000000000508c48 RCX: 0000000000000001<br /> [95553.703805] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 0000000000000000<br /> [95553.704481] RBP: ffffd1b0c676f9c8 R08: 0000000000000000 R09: 0000000000000000<br /> [95553.705148] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001<br /> [95553.705816] R13: 0000000000002000 R14: fffff8bc8257e800 R15: 0000000000000000<br /> [95553.706483] FS: 000072ee77315840(0000) GS:ffff8cfdd2c8d000(0000) knlGS:0000000000000000<br /> [95553.707248] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [95553.707782] CR2: 00007d8f2a9e5a20 CR3: 0000000039d0c006 CR4: 0000000000772ef0<br /> [95553.708439] PKRU: 55555554<br /> [95553.708734] Call Trace:<br /> [95553.709015] <br /> [95553.709266] __getblk_slow+0xd2/0x230<br /> [95553.709641] ? find_get_block_common+0x8b/0x530<br /> [95553.710084] bdev_getblk+0x77/0xa0<br /> [95553.710449] __bread_gfp+0x22/0x140<br /> [95553.710810] fat_fill_super+0x23a/0xfc0<br /> [95553.711216] ? __pfx_setup+0x10/0x10<br /> [95553.711580] ? __pfx_vfat_fill_super+0x10/0x10<br /> [95553.712014] vfat_fill_super+0x15/0x30<br /> [95553.712401] get_tree_bdev_flags+0x141/0x1e0<br /> [95553.712817] get_tree_bdev+0x10/0x20<br /> [95553.713177] vfat_get_tree+0x15/0x20<br /> [95553.713550] vfs_get_tree+0x2a/0x100<br /> [95553.713910] vfs_cmd_create+0x62/0xf0<br /> [95553.714273] __do_sys_fsconfig+0x4e7/0x660<br /> [95553.714669] __x64_sys_fsconfig+0x20/0x40<br /> [95553.715062] x64_sys_call+0x21ee/0x26a0<br /> [95553.715453] do_syscall_64+0x80/0x670<br /> [95553.715816] ? __fs_parse+0x65/0x1e0<br /> [95553.716172] ? fat_parse_param+0x103/0x4b0<br /> [95553.716587] ? vfs_parse_fs_param_source+0x21/0xa0<br /> [95553.717034] ? __do_sys_fsconfig+0x3d9/0x660<br /> [95553.717548] ? __x64_sys_fsconfig+0x20/0x40<br /> [95553.717957] ? x64_sys_call+0x21ee/0x26a0<br /> [95553.718360] ? do_syscall_64+0xb8/0x670<br /> [95553.718734] ? __x64_sys_fsconfig+0x20/0x40<br /> [95553.719141] ? x64_sys_call+0x21ee/0x26a0<br /> [95553.719545] ? do_syscall_64+0xb8/0x670<br /> [95553.719922] ? x64_sys_call+0x1405/0x26a0<br /> [95553.720317] ? do_syscall_64+0xb8/0x670<br /> [95553.720702] ? __x64_sys_close+0x3e/0x90<br /> [95553.721080] ? x64_sys_call+0x1b5e/0x26a0<br /> [95553.721478] ? do_syscall_64+0xb8/0x670<br /> [95553.721841] ? irqentry_exit+0x43/0x50<br /> [95553.722211] ? exc_page_fault+0x90/0x1b0<br /> [95553.722681] entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> [95553.723166] RIP: 0033:0x72ee774f3afe<br /> [95553.723562] Code: 73 01 c3 48 8b 0d 0a 33 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 49 89 ca b8 af 01 00 00 0f 05 3d 01 f0 ff ff 73 01 c3 48 8b 0d da 32 0f 00 f7 d8 64 89 01 48<br /> [95553.725188] RSP: 002b:00007ffe97148978 EFLAGS: 00000246 ORIG_RAX: 00000000000001af<br /> [95553.725892] RAX: ffffffffffffffda RBX: <br /> ---truncated---

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: arm64: Check the untrusted offset in FF-A memory share<br /> <br /> Verify the offset to prevent OOB access in the hypervisor<br /> FF-A buffer in case an untrusted large enough value<br /> [U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX]<br /> is set from the host kernel.

*** Pendiente de traducción *** Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvme: nvme-fc: Ensure -&gt;ioerr_work is cancelled in nvme_fc_delete_ctrl()<br /> <br /> nvme_fc_delete_assocation() waits for pending I/O to complete before<br /> returning, and an error can cause -&gt;ioerr_work to be queued after<br /> cancel_work_sync() had been called. Move the call to cancel_work_sync() to<br /> be after nvme_fc_delete_association() to ensure -&gt;ioerr_work is not running<br /> when the nvme_fc_ctrl object is freed. Otherwise the following can occur:<br /> <br /> [ 1135.911754] list_del corruption, ff2d24c8093f31f8-&gt;next is NULL<br /> [ 1135.917705] ------------[ cut here ]------------<br /> [ 1135.922336] kernel BUG at lib/list_debug.c:52!<br /> [ 1135.926784] Oops: invalid opcode: 0000 [#1] SMP NOPTI<br /> [ 1135.931851] CPU: 48 UID: 0 PID: 726 Comm: kworker/u449:23 Kdump: loaded Not tainted 6.12.0 #1 PREEMPT(voluntary)<br /> [ 1135.943490] Hardware name: Dell Inc. PowerEdge R660/0HGTK9, BIOS 2.5.4 01/16/2025<br /> [ 1135.950969] Workqueue: 0x0 (nvme-wq)<br /> [ 1135.954673] RIP: 0010:__list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1135.961041] Code: c7 c7 98 68 72 94 e8 26 45 fe ff 0f 0b 48 c7 c7 70 68 72 94 e8 18 45 fe ff 0f 0b 48 89 fe 48 c7 c7 80 69 72 94 e8 07 45 fe ff 0b 48 89 d1 48 c7 c7 a0 6a 72 94 48 89 c2 e8 f3 44 fe ff 0f 0b<br /> [ 1135.979788] RSP: 0018:ff579b19482d3e50 EFLAGS: 00010046<br /> [ 1135.985015] RAX: 0000000000000033 RBX: ff2d24c8093f31f0 RCX: 0000000000000000<br /> [ 1135.992148] RDX: 0000000000000000 RSI: ff2d24d6bfa1d0c0 RDI: ff2d24d6bfa1d0c0<br /> [ 1135.999278] RBP: ff2d24c8093f31f8 R08: 0000000000000000 R09: ffffffff951e2b08<br /> [ 1136.006413] R10: ffffffff95122ac8 R11: 0000000000000003 R12: ff2d24c78697c100<br /> [ 1136.013546] R13: fffffffffffffff8 R14: 0000000000000000 R15: ff2d24c78697c0c0<br /> [ 1136.020677] FS: 0000000000000000(0000) GS:ff2d24d6bfa00000(0000) knlGS:0000000000000000<br /> [ 1136.028765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 1136.034510] CR2: 00007fd207f90b80 CR3: 000000163ea22003 CR4: 0000000000f73ef0<br /> [ 1136.041641] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [ 1136.048776] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400<br /> [ 1136.055910] PKRU: 55555554<br /> [ 1136.058623] Call Trace:<br /> [ 1136.061074] <br /> [ 1136.063179] ? show_trace_log_lvl+0x1b0/0x2f0<br /> [ 1136.067540] ? show_trace_log_lvl+0x1b0/0x2f0<br /> [ 1136.071898] ? move_linked_works+0x4a/0xa0<br /> [ 1136.075998] ? __list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1136.081744] ? __die_body.cold+0x8/0x12<br /> [ 1136.085584] ? die+0x2e/0x50<br /> [ 1136.088469] ? do_trap+0xca/0x110<br /> [ 1136.091789] ? do_error_trap+0x65/0x80<br /> [ 1136.095543] ? __list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1136.101289] ? exc_invalid_op+0x50/0x70<br /> [ 1136.105127] ? __list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1136.110874] ? asm_exc_invalid_op+0x1a/0x20<br /> [ 1136.115059] ? __list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1136.120806] move_linked_works+0x4a/0xa0<br /> [ 1136.124733] worker_thread+0x216/0x3a0<br /> [ 1136.128485] ? __pfx_worker_thread+0x10/0x10<br /> [ 1136.132758] kthread+0xfa/0x240<br /> [ 1136.135904] ? __pfx_kthread+0x10/0x10<br /> [ 1136.139657] ret_from_fork+0x31/0x50<br /> [ 1136.143236] ? __pfx_kthread+0x10/0x10<br /> [ 1136.146988] ret_from_fork_asm+0x1a/0x30<br /> [ 1136.150915]

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Input: imx_sc_key - fix memory corruption on unload<br /> <br /> This is supposed to be "priv" but we accidentally pass "&amp;priv" which is<br /> an address in the stack and so it will lead to memory corruption when<br /> the imx_sc_key_action() function is called. Remove the &amp;.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Input: cros_ec_keyb - fix an invalid memory access<br /> <br /> If cros_ec_keyb_register_matrix() isn&amp;#39;t called (due to<br /> `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev-&gt;idev` remains<br /> NULL. An invalid memory access is observed in cros_ec_keyb_process()<br /> when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()<br /> in such case.<br /> <br /> Unable to handle kernel read from unreadable memory at virtual address 0000000000000028<br /> ...<br /> x3 : 0000000000000000 x2 : 0000000000000000<br /> x1 : 0000000000000000 x0 : 0000000000000000<br /> Call trace:<br /> input_event<br /> cros_ec_keyb_work<br /> blocking_notifier_call_chain<br /> ec_irq_thread<br /> <br /> It&amp;#39;s still unknown about why the kernel receives such malformed event,<br /> in any cases, the kernel shouldn&amp;#39;t access `ckdev-&gt;idev` and friends if<br /> the driver doesn&amp;#39;t intend to initialize them.