Vulnerabilities

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc/prom_init: Fixup missing powermac #size-cells<br /> <br /> On some powermacs `escc` nodes are missing `#size-cells` properties,<br /> which is deprecated and now triggers a warning at boot since commit<br /> 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells<br /> handling").<br /> <br /> For example:<br /> <br /> Missing &amp;#39;#size-cells&amp;#39; in /pci@f2000000/mac-io@c/escc@13000<br /> WARNING: CPU: 0 PID: 0 at drivers/of/base.c:133 of_bus_n_size_cells+0x98/0x108<br /> Hardware name: PowerMac3,1 7400 0xc0209 PowerMac<br /> ...<br /> Call Trace:<br /> of_bus_n_size_cells+0x98/0x108 (unreliable)<br /> of_bus_default_count_cells+0x40/0x60<br /> __of_get_address+0xc8/0x21c<br /> __of_address_to_resource+0x5c/0x228<br /> pmz_init_port+0x5c/0x2ec<br /> pmz_probe.isra.0+0x144/0x1e4<br /> pmz_console_init+0x10/0x48<br /> console_init+0xcc/0x138<br /> start_kernel+0x5c4/0x694<br /> <br /> As powermacs boot via prom_init it&amp;#39;s possible to add the missing<br /> properties to the device tree during boot, avoiding the warning. Note<br /> that `escc-legacy` nodes are also missing `#size-cells` properties, but<br /> they are skipped by the macio driver, so leave them alone.<br /> <br /> Depends-on: 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells handling")

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()<br /> <br /> acpi_dev_hid_match() does not check for adev == NULL, dereferencing<br /> it unconditional.<br /> <br /> Add a check for adev being NULL before calling acpi_dev_hid_match().<br /> <br /> At the moment acpi_quirk_skip_serdev_enumeration() is never called with<br /> a controller_parent without an ACPI companion, but better safe than sorry.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level<br /> <br /> cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to<br /> restrict this maximum depth to a more reasonable value not to harm<br /> performance. Remove unnecessary WARN_ON_ONCE which is reachable from<br /> userspace.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Adding array index check to prevent memory corruption<br /> <br /> [Why &amp; How]<br /> Array indices out of bound caused memory corruption. Adding checks to<br /> ensure that array index stays in bound.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a<br /> <br /> Fix the dtc warnings:<br /> <br /> arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: &amp;#39;#interrupt-cells&amp;#39; found, but node is not an interrupt provider<br /> arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: &amp;#39;#interrupt-cells&amp;#39; found, but node is not an interrupt provider<br /> arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dtb: Warning (interrupt_map): Failed prerequisite &amp;#39;interrupt_provider&amp;#39;<br /> <br /> And a runtime warning introduced in commit 045b14ca5c36 ("of: WARN on<br /> deprecated #address-cells/#size-cells handling"):<br /> <br /> WARNING: CPU: 0 PID: 1 at drivers/of/base.c:106 of_bus_n_addr_cells+0x9c/0xe0<br /> Missing &amp;#39;#address-cells&amp;#39; in /bus@10000000/pci@1a000000/pci_bridge@9,0<br /> <br /> The fix is similar to commit d89a415ff8d5 ("MIPS: Loongson64: DTS: Fix PCIe<br /> port nodes for ls7a"), which has fixed the issue for ls2k (despite its<br /> subject mentions ls7a).

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> soc: imx8m: Probe the SoC driver as platform driver<br /> <br /> With driver_async_probe=* on kernel command line, the following trace is<br /> produced because on i.MX8M Plus hardware because the soc-imx8m.c driver<br /> calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock<br /> driver is not yet probed. This was not detected during regular testing<br /> without driver_async_probe.<br /> <br /> Convert the SoC code to platform driver and instantiate a platform device<br /> in its current device_initcall() to probe the platform driver. Rework<br /> .soc_revision callback to always return valid error code and return SoC<br /> revision via parameter. This way, if anything in the .soc_revision callback<br /> return -EPROBE_DEFER, it gets propagated to .probe and the .probe will get<br /> retried later.<br /> <br /> "<br /> ------------[ cut here ]------------<br /> WARNING: CPU: 1 PID: 1 at drivers/soc/imx/soc-imx8m.c:115 imx8mm_soc_revision+0xdc/0x180<br /> CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-next-20240924-00002-g2062bb554dea #603<br /> Hardware name: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3) (DT)<br /> pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : imx8mm_soc_revision+0xdc/0x180<br /> lr : imx8mm_soc_revision+0xd0/0x180<br /> sp : ffff8000821fbcc0<br /> x29: ffff8000821fbce0 x28: 0000000000000000 x27: ffff800081810120<br /> x26: ffff8000818a9970 x25: 0000000000000006 x24: 0000000000824311<br /> x23: ffff8000817f42c8 x22: ffff0000df8be210 x21: fffffffffffffdfb<br /> x20: ffff800082780000 x19: 0000000000000001 x18: ffffffffffffffff<br /> x17: ffff800081fff418 x16: ffff8000823e1000 x15: ffff0000c03b65e8<br /> x14: ffff0000c00051b0 x13: ffff800082790000 x12: 0000000000000801<br /> x11: ffff80008278ffff x10: ffff80008209d3a6 x9 : ffff80008062e95c<br /> x8 : ffff8000821fb9a0 x7 : 0000000000000000 x6 : 00000000000080e3<br /> x5 : ffff0000df8c03d8 x4 : 0000000000000000 x3 : 0000000000000000<br /> x2 : 0000000000000000 x1 : fffffffffffffdfb x0 : fffffffffffffdfb<br /> Call trace:<br /> imx8mm_soc_revision+0xdc/0x180<br /> imx8_soc_init+0xb0/0x1e0<br /> do_one_initcall+0x94/0x1a8<br /> kernel_init_freeable+0x240/0x2a8<br /> kernel_init+0x28/0x140<br /> ret_from_fork+0x10/0x20<br /> ---[ end trace 0000000000000000 ]---<br /> SoC: i.MX8MP revision 1.1<br /> "

A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> kunit: Fix potential null dereference in kunit_device_driver_test()<br /> <br /> kunit_kzalloc() may return a NULL pointer, dereferencing it without<br /> NULL check may lead to NULL dereference.<br /> Add a NULL check for test_state.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: add a sanity check for btrfs root in btrfs_search_slot()<br /> <br /> Syzbot reports a null-ptr-deref in btrfs_search_slot().<br /> <br /> The reproducer is using rescue=ibadroots, and the extent tree root is<br /> corrupted thus the extent tree is NULL.<br /> <br /> When scrub tries to search the extent tree to gather the needed extent<br /> info, btrfs_search_slot() doesn&amp;#39;t check if the target root is NULL or<br /> not, resulting the null-ptr-deref.<br /> <br /> Add sanity check for btrfs root before using it in btrfs_search_slot().

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Fix handling of plane refcount<br /> <br /> [Why]<br /> The mechanism to backup and restore plane states doesn&amp;#39;t maintain<br /> refcount, which can cause issues if the refcount of the plane changes<br /> in between backup and restore operations, such as memory leaks if the<br /> refcount was supposed to go down, or double frees / invalid memory<br /> accesses if the refcount was supposed to go up.<br /> <br /> [How]<br /> Cache and re-apply current refcount when restoring plane states.