Vulnerabilidades

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: idxd: Fix memory leak when a wq is reset<br /> <br /> idxd_wq_disable_cleanup() which is called from the reset path for a<br /> workqueue, sets the wq type to NONE, which for other parts of the<br /> driver mean that the wq is empty (all its resources were released).<br /> <br /> Only set the wq type to NONE after its resources are released.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: idxd: Fix possible invalid memory access after FLR<br /> <br /> In the case that the first Function Level Reset (FLR) concludes<br /> correctly, but in the second FLR the scratch area for the saved<br /> configuration cannot be allocated, it&amp;#39;s possible for a invalid memory<br /> access to happen.<br /> <br /> Always set the deallocated scratch area to NULL after FLR completes.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: idxd: Fix crash when the event log is disabled<br /> <br /> If reporting errors to the event log is not supported by the hardware,<br /> and an error that causes Function Level Reset (FLR) is received, the<br /> driver will try to restore the event log even if it was not allocated.<br /> <br /> Also, only try to free the event log if it was properly allocated.

*** Pendiente de traducción *** Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix leak of kobject name for sub-group space_info<br /> <br /> When create_space_info_sub_group() allocates elements of<br /> space_info-&gt;sub_group[], kobject_init_and_add() is called for each<br /> element via btrfs_sysfs_add_space_info_type(). However, when<br /> check_removing_space_info() frees these elements, it does not call<br /> btrfs_sysfs_remove_space_info() on them. As a result, kobject_put() is<br /> not called and the associated kobj-&gt;name objects are leaked.<br /> <br /> This memory leak is reproduced by running the blktests test case<br /> zbd/009 on kernels built with CONFIG_DEBUG_KMEMLEAK. The kmemleak<br /> feature reports the following error:<br /> <br /> unreferenced object 0xffff888112877d40 (size 16):<br /> comm "mount", pid 1244, jiffies 4294996972<br /> hex dump (first 16 bytes):<br /> 64 61 74 61 2d 72 65 6c 6f 63 00 c4 c6 a7 cb 7f data-reloc......<br /> backtrace (crc 53ffde4d):<br /> __kmalloc_node_track_caller_noprof+0x619/0x870<br /> kstrdup+0x42/0xc0<br /> kobject_set_name_vargs+0x44/0x110<br /> kobject_init_and_add+0xcf/0x150<br /> btrfs_sysfs_add_space_info_type+0xfc/0x210 [btrfs]<br /> create_space_info_sub_group.constprop.0+0xfb/0x1b0 [btrfs]<br /> create_space_info+0x211/0x320 [btrfs]<br /> btrfs_init_space_info+0x15a/0x1b0 [btrfs]<br /> open_ctree+0x33c7/0x4a50 [btrfs]<br /> btrfs_get_tree.cold+0x9f/0x1ee [btrfs]<br /> vfs_get_tree+0x87/0x2f0<br /> vfs_cmd_create+0xbd/0x280<br /> __do_sys_fsconfig+0x3df/0x990<br /> do_syscall_64+0x136/0x1540<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> To avoid the leak, call btrfs_sysfs_remove_space_info() instead of<br /> kfree() for the elements.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfs: Fix read abandonment during retry<br /> <br /> Under certain circumstances, all the remaining subrequests from a read<br /> request will get abandoned during retry. The abandonment process expects<br /> the &amp;#39;subreq&amp;#39; variable to be set to the place to start abandonment from, but<br /> it doesn&amp;#39;t always have a useful value (it will be uninitialised on the<br /> first pass through the loop and it may point to a deleted subrequest on<br /> later passes).<br /> <br /> Fix the first jump to "abandon:" to set subreq to the start of the first<br /> subrequest expected to need retry (which, in this abandonment case, turned<br /> out unexpectedly to no longer have NEED_RETRY set).<br /> <br /> Also clear the subreq pointer after discarding superfluous retryable<br /> subrequests to cause an oops if we do try to access it.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()<br /> <br /> At the end of this function, d is the traversal cursor of flist, but the<br /> code completes found instead. This can lead to issues such as NULL pointer<br /> dereferences, double completion, or descriptor leaks.<br /> <br /> Fix this by completing d instead of found in the final<br /> list_for_each_entry_safe() loop.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry<br /> <br /> When a write subrequest is marked NETFS_SREQ_NEED_RETRY, the retry path<br /> in netfs_unbuffered_write() unconditionally calls stream-&gt;prepare_write()<br /> without checking if it is NULL.<br /> <br /> Filesystems such as 9P do not set the prepare_write operation, so<br /> stream-&gt;prepare_write remains NULL. When get_user_pages() fails with<br /> -EFAULT and the subrequest is flagged for retry, this results in a NULL<br /> pointer dereference at fs/netfs/direct_write.c:189.<br /> <br /> Fix this by mirroring the pattern already used in write_retry.c: if<br /> stream-&gt;prepare_write is NULL, skip renegotiation and directly reissue<br /> the subrequest via netfs_reissue_write(), which handles iterator reset,<br /> IN_PROGRESS flag, stats update and reissue internally.

*** Pendiente de traducción *** Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

*** Pendiente de traducción *** Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

*** Pendiente de traducción *** Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

*** Pendiente de traducción *** Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.