Vulnerabilidades

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Revert "fs/ntfs3: Replace inode_trylock with inode_lock"<br /> <br /> This reverts commit 69505fe98f198ee813898cbcaf6770949636430b.<br /> <br /> Initially, conditional lock acquisition was removed to fix an xfstest bug<br /> that was observed during internal testing. The deadlock reported by syzbot<br /> is resolved by reintroducing conditional acquisition. The xfstest bug no<br /> longer occurs on kernel version 6.16-rc1 during internal testing. I<br /> assume that changes in other modules may have contributed to this.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> team: replace team lock with rtnl lock<br /> <br /> syszbot reports various ordering issues for lower instance locks and<br /> team lock. Switch to using rtnl lock for protecting team device,<br /> similar to bonding. Based on the patch by Tetsuo Handa.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: vm_unmap_ram() may be called from an invalid context<br /> <br /> When testing F2FS with xfstests using UFS backed virtual disks the<br /> kernel complains sometimes that f2fs_release_decomp_mem() calls<br /> vm_unmap_ram() from an invalid context. Example trace from<br /> f2fs/007 test:<br /> <br /> f2fs/007 5s ... [12:59:38][ 8.902525] run fstests f2fs/007<br /> [ 11.468026] BUG: sleeping function called from invalid context at mm/vmalloc.c:2978<br /> [ 11.471849] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 68, name: irq/22-ufshcd<br /> [ 11.475357] preempt_count: 1, expected: 0<br /> [ 11.476970] RCU nest depth: 0, expected: 0<br /> [ 11.478531] CPU: 0 UID: 0 PID: 68 Comm: irq/22-ufshcd Tainted: G W 6.16.0-rc5-xfstests-ufs-g40f92e79b0aa #9 PREEMPT(none)<br /> [ 11.478535] Tainted: [W]=WARN<br /> [ 11.478536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br /> [ 11.478537] Call Trace:<br /> [ 11.478543] <br /> [ 11.478545] dump_stack_lvl+0x4e/0x70<br /> [ 11.478554] __might_resched.cold+0xaf/0xbe<br /> [ 11.478557] vm_unmap_ram+0x21/0xb0<br /> [ 11.478560] f2fs_release_decomp_mem+0x59/0x80<br /> [ 11.478563] f2fs_free_dic+0x18/0x1a0<br /> [ 11.478565] f2fs_finish_read_bio+0xd7/0x290<br /> [ 11.478570] blk_update_request+0xec/0x3b0<br /> [ 11.478574] ? sbitmap_queue_clear+0x3b/0x60<br /> [ 11.478576] scsi_end_request+0x27/0x1a0<br /> [ 11.478582] scsi_io_completion+0x40/0x300<br /> [ 11.478583] ufshcd_mcq_poll_cqe_lock+0xa3/0xe0<br /> [ 11.478588] ufshcd_sl_intr+0x194/0x1f0<br /> [ 11.478592] ufshcd_threaded_intr+0x68/0xb0<br /> [ 11.478594] ? __pfx_irq_thread_fn+0x10/0x10<br /> [ 11.478599] irq_thread_fn+0x20/0x60<br /> [ 11.478602] ? __pfx_irq_thread_fn+0x10/0x10<br /> [ 11.478603] irq_thread+0xb9/0x180<br /> [ 11.478605] ? __pfx_irq_thread_dtor+0x10/0x10<br /> [ 11.478607] ? __pfx_irq_thread+0x10/0x10<br /> [ 11.478609] kthread+0x10a/0x230<br /> [ 11.478614] ? __pfx_kthread+0x10/0x10<br /> [ 11.478615] ret_from_fork+0x7e/0xd0<br /> [ 11.478619] ? __pfx_kthread+0x10/0x10<br /> [ 11.478621] ret_from_fork_asm+0x1a/0x30<br /> [ 11.478623] <br /> <br /> This patch modifies in_task() check inside f2fs_read_end_io() to also<br /> check if interrupts are disabled. This ensures that pages are unmapped<br /> asynchronously in an interrupt handler.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()<br /> <br /> The function needs to check the minimal filehandle length before it can<br /> access the embedded filehandle.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()<br /> <br /> ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to<br /> ieee80211_iterate_stations_atomic(). Note in this case the iterator is<br /> required to be atomic, however ath11k_mac_disable_peer_fixed_rate() does<br /> not follow it as it might sleep. Consequently below warning is seen:<br /> <br /> BUG: sleeping function called from invalid context at wmi.c:304<br /> Call Trace:<br /> <br /> dump_stack_lvl<br /> __might_resched.cold<br /> ath11k_wmi_cmd_send<br /> ath11k_wmi_set_peer_param<br /> ath11k_mac_disable_peer_fixed_rate<br /> ieee80211_iterate_stations_atomic<br /> ath11k_mac_op_set_bitrate_mask.cold<br /> <br /> Change to ieee80211_iterate_stations_mtx() to fix this issue.<br /> <br /> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: ccp - Fix dereferencing uninitialized error pointer<br /> <br /> Fix below smatch warnings:<br /> drivers/crypto/ccp/sev-dev.c:1312 __sev_platform_init_locked()<br /> error: we previously assumed &amp;#39;error&amp;#39; could be null

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm: swap: fix potential buffer overflow in setup_clusters()<br /> <br /> In setup_swap_map(), we only ensure badpages are in range (0, last_page]. <br /> As maxpages might be = maxpages.<br /> <br /> Only call inc_cluster_info_page() for badpage which is

*** Pendiente de traducción *** A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

*** Pendiente de traducción *** A vulnerability was detected in itsourcecode POS Point of Sale System 1.0. The impacted element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php. Performing manipulation of the argument scripts results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.

*** Pendiente de traducción *** IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0  Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.

*** Pendiente de traducción *** A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

*** Pendiente de traducción *** A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited.