Vulnerabilities

A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely.

A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-maid.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as problematic, was found in PHPGurukul Maid Hiring Management System 1.0. Affected is an unknown function of the file /admin/contactus.php of the component Contact Us Page. The manipulation of the argument page title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING<br /> <br /> In fscache_create_volume(), there is a missing memory barrier between the<br /> bit-clearing operation and the wake-up operation. This may cause a<br /> situation where, after a wake-up, the bit-clearing operation hasn&amp;#39;t been<br /> detected yet, leading to an indefinite wait. The triggering process is as<br /> follows:<br /> <br /> [cookie1] [cookie2] [volume_work]<br /> fscache_perform_lookup<br /> fscache_create_volume<br /> fscache_perform_lookup<br /> fscache_create_volume<br /> fscache_create_volume_work<br /> cachefiles_acquire_volume<br /> clear_and_wake_up_bit<br /> test_and_set_bit<br /> test_and_set_bit<br /> goto maybe_wait<br /> goto no_wait<br /> <br /> In the above process, cookie1 and cookie2 has the same volume. When cookie1<br /> enters the -no_wait- process, it will clear the bit and wake up the waiting<br /> process. If a barrier is missing, it may cause cookie2 to remain in the<br /> -wait- process indefinitely.<br /> <br /> In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in<br /> fscache_create_volume_work()"), barriers were added to similar operations<br /> in fscache_create_volume_work(), but fscache_create_volume() was missed.<br /> <br /> By combining the clear and wake operations into clear_and_wake_up_bit() to<br /> fix this issue.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvme-pci: fix freeing of the HMB descriptor table<br /> <br /> The HMB descriptor table is sized to the maximum number of descriptors<br /> that could be used for a given device, but __nvme_alloc_host_mem could<br /> break out of the loop earlier on memory allocation failure and end up<br /> using less descriptors than planned for, which leads to an incorrect<br /> size passed to dma_free_coherent.<br /> <br /> In practice this was not showing up because the number of descriptors<br /> tends to be low and the dma coherent allocator always allocates and<br /> frees at least a page.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> erofs: fix blksize s_blocksize{,_bits} directly for file-backed<br /> mounts when the fs block size is smaller than PAGE_SIZE.<br /> <br /> Previously, EROFS used sb_set_blocksize(), which caused<br /> a panic if bdev-backed mounts is not used.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dlm: fix dlm_recover_members refcount on error<br /> <br /> If dlm_recover_members() fails we don&amp;#39;t drop the references of the<br /> previous created root_list that holds and keep all rsbs alive during the<br /> recovery. It might be not an unlikely event because ping_members() could<br /> run into an -EINTR if another recovery progress was triggered again.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()<br /> <br /> When the call to gf100_grctx_generate() fails, unlock gr-&gt;fecs.mutex<br /> before returning the error.<br /> <br /> Fixes smatch warning:<br /> <br /> drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480 gf100_gr_chan_new() warn: inconsistent returns &amp;#39;&amp;gr-&gt;fecs.mutex&amp;#39;.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module<br /> <br /> This commit addresses an omission in the previous patch related to the<br /> cleaner shader support for GFX9 hardware. Specifically, it adds the<br /> necessary deinitialization code for the cleaner shader in the<br /> gfx_v9_0_sw_fini function.<br /> <br /> The added line amdgpu_gfx_cleaner_shader_sw_fini(adev); ensures that any<br /> allocated resources for the cleaner shader are freed correctly, avoiding<br /> potential memory leaks and ensuring that the GPU state is clean for the<br /> next initialization sequence.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: caam - Fix the pointer passed to caam_qi_shutdown()<br /> <br /> The type of the last parameter given to devm_add_action_or_reset() is<br /> "struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to<br /> "struct device *".<br /> <br /> Pass the correct parameter to devm_add_action_or_reset() so that the<br /> resources are released as expected.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()<br /> <br /> Hook "qedi_ops-&gt;common-&gt;sb_init = qed_sb_init" does not release the DMA<br /> memory sb_virt when it fails. Add dma_free_coherent() to free it. This<br /> is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().