Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement, through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-31051

Publication date:
24/04/2026
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2026

CVE-2026-31052

Publication date:
24/04/2026
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2026

CVE-2026-31534

Publication date:
24/04/2026
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2026

CVE-2026-31540

Publication date:
24/04/2026
In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gt: Check set_default_submission() before deferencing

When the i915 driver firmware binaries are not present, the set_default_submission pointer is not set. This pointer is dereferenced during suspend anyways.

Add a check to make sure it is set before dereferencing.

(cherry picked from commit daa199abc3d3d1740c9e3a2c3e9216ae5b447cad)
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2026-31539

Publication date:
24/04/2026
In the Linux kernel, the following vulnerability has been resolved:

smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available

The logic of managing recv credits by counting posted recv_io and granted credits is racy.

That's because the peer might have already consumed a credit, but between receiving the incoming recv at the hardware and processing the completion in the 'recv_done' functions we likely have a window where we grant credits, which don't really exist.

So we better have a dedicated counter for the available credits, which will be incremented when we post new recv buffers and drained when we grant the credits to the peer.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2026-31538

Publication date:
24/04/2026
In the Linux kernel, the following vulnerability has been resolved:

smb: server: make use of smbdirect_socket.recv_io.credits.available

The logic of managing recv credits by counting posted recv_io and granted credits is racy.

That's because the peer might have already consumed a credit, but between receiving the incoming recv at the hardware and processing the completion in the 'recv_done' functions we likely have a window where we grant credits, which don't really exist.

So we better have a dedicated counter for the available credits, which will be incremented when we post new recv buffers and drained when we grant the credits to the peer.

This fixes a regression Namjae reported with the 6.18 release.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2026-31537

Publication date:
24/04/2026
In the Linux kernel, the following vulnerability has been resolved:

smb: server: make use of smbdirect_socket.send_io.bcredits

It turns out that our code will corrupt the stream of reassembled data transfer messages when we trigger an immediate (empty) send.

In order to fix this we'll have a single 'batch' credit per connection. And code getting that credit is free to use as many messages until remaining_length reaches 0, then the batch credit is given back and the next logical send can happen.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2026-31536

Publication date:
24/04/2026
In the Linux kernel, the following vulnerability has been resolved:

smb: server: let send_done handle a completion without IB_SEND_SIGNALED

With smbdirect_send_batch processing we likely have requests without IB_SEND_SIGNALED, which will be destroyed in the final request that has IB_SEND_SIGNALED set.

If the connection is broken all requests are signaled even without explicit IB_SEND_SIGNALED.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2026-31535

Publication date:
24/04/2026
In the Linux kernel, the following vulnerability has been resolved:

smb: client: make use of smbdirect_socket.recv_io.credits.available

The logic of managing recv credits by counting posted recv_io and granted credits is racy.

That's because the peer might have already consumed a credit, but between receiving the incoming recv at the hardware and processing the completion in the 'recv_done' functions we likely have a window where we grant credits, which don't really exist.

So we better have a dedicated counter for the available credits, which will be incremented when we post new recv buffers and drained when we grant the credits to the peer.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2026-31050

Publication date:
24/04/2026
Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2026

CVE-2025-61872

Publication date:
24/04/2026
Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2026

CVE-2026-25660

Publication date:
24/04/2026
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.

Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in CodeChecker.

This issue affects CodeChecker: through 6.27.3.
Severity CVSS v4.0: CRITICAL
Last modification:
27/04/2026