Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm: use memalloc_nofs_save() in page_cache_ra_order()<br /> <br /> See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"),<br /> ensure that page_cache_ra_order() do not attempt to reclaim file-backed<br /> pages too, or it leads to a deadlock, found issue when test ext4 large<br /> folio.<br /> <br /> INFO: task DataXceiver for:7494 blocked for more than 120 seconds.<br /> "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200<br /> Call trace:<br /> __switch_to+0x14c/0x240<br /> __schedule+0x82c/0xdd0<br /> schedule+0x58/0xf0<br /> io_schedule+0x24/0xa0<br /> __folio_lock+0x130/0x300<br /> migrate_pages_batch+0x378/0x918<br /> migrate_pages+0x350/0x700<br /> compact_zone+0x63c/0xb38<br /> compact_zone_order+0xc0/0x118<br /> try_to_compact_pages+0xb0/0x280<br /> __alloc_pages_direct_compact+0x98/0x248<br /> __alloc_pages+0x510/0x1110<br /> alloc_pages+0x9c/0x130<br /> folio_alloc+0x20/0x78<br /> filemap_alloc_folio+0x8c/0x1b0<br /> page_cache_ra_order+0x174/0x308<br /> ondemand_readahead+0x1c8/0x2b8<br /> page_cache_async_ra+0x68/0xb8<br /> filemap_readahead.isra.0+0x64/0xa8<br /> filemap_get_pages+0x3fc/0x5b0<br /> filemap_splice_read+0xf4/0x280<br /> ext4_file_splice_read+0x2c/0x48 [ext4]<br /> vfs_splice_read.part.0+0xa8/0x118<br /> splice_direct_to_actor+0xbc/0x288<br /> do_splice_direct+0x9c/0x108<br /> do_sendfile+0x328/0x468<br /> __arm64_sys_sendfile64+0x8c/0x148<br /> invoke_syscall+0x4c/0x118<br /> el0_svc_common.constprop.0+0xc8/0xf0<br /> do_el0_svc+0x24/0x38<br /> el0_svc+0x4c/0x1f8<br /> el0t_64_sync_handler+0xc0/0xc8<br /> el0t_64_sync+0x188/0x190

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()<br /> <br /> This was missed because of the function pointer indirection.<br /> <br /> nvidia_smmu_context_fault() is also installed as a irq function, and the<br /> &amp;#39;void *&amp;#39; was changed to a struct arm_smmu_domain. Since the iommu_domain<br /> is embedded at a non-zero offset this causes nvidia_smmu_context_fault()<br /> to miscompute the offset. Fixup the types.<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000120<br /> Mem abort info:<br /> ESR = 0x0000000096000004<br /> EC = 0x25: DABT (current EL), IL = 32 bits<br /> SET = 0, FnV = 0<br /> EA = 0, S1PTW = 0<br /> FSC = 0x04: level 0 translation fault<br /> Data abort info:<br /> ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000<br /> CM = 0, WnR = 0, TnD = 0, TagAccess = 0<br /> GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0<br /> user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107c9f000<br /> [0000000000000120] pgd=0000000000000000, p4d=0000000000000000<br /> Internal error: Oops: 0000000096000004 [#1] SMP<br /> Modules linked in:<br /> CPU: 1 PID: 47 Comm: kworker/u25:0 Not tainted 6.9.0-0.rc7.58.eln136.aarch64 #1<br /> Hardware name: Unknown NVIDIA Jetson Orin NX/NVIDIA Jetson Orin NX, BIOS 3.1-32827747 03/19/2023<br /> Workqueue: events_unbound deferred_probe_work_func<br /> pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : nvidia_smmu_context_fault+0x1c/0x158<br /> lr : __free_irq+0x1d4/0x2e8<br /> sp : ffff80008044b6f0<br /> x29: ffff80008044b6f0 x28: ffff000080a60b18 x27: ffffd32b5172e970<br /> x26: 0000000000000000 x25: ffff0000802f5aac x24: ffff0000802f5a30<br /> x23: ffff0000802f5b60 x22: 0000000000000057 x21: 0000000000000000<br /> x20: ffff0000802f5a00 x19: ffff000087d4cd80 x18: ffffffffffffffff<br /> x17: 6234362066666666 x16: 6630303078302d30 x15: ffff00008156d888<br /> x14: 0000000000000000 x13: ffff0000801db910 x12: ffff00008156d6d0<br /> x11: 0000000000000003 x10: ffff0000801db918 x9 : ffffd32b50f94d9c<br /> x8 : 1fffe0001032fda1 x7 : ffff00008197ed00 x6 : 000000000000000f<br /> x5 : 000000000000010e x4 : 000000000000010e x3 : 0000000000000000<br /> x2 : ffffd32b51720cd8 x1 : ffff000087e6f700 x0 : 0000000000000057<br /> Call trace:<br /> nvidia_smmu_context_fault+0x1c/0x158<br /> __free_irq+0x1d4/0x2e8<br /> free_irq+0x3c/0x80<br /> devm_free_irq+0x64/0xa8<br /> arm_smmu_domain_free+0xc4/0x158<br /> iommu_domain_free+0x44/0xa0<br /> iommu_deinit_device+0xd0/0xf8<br /> __iommu_group_remove_device+0xcc/0xe0<br /> iommu_bus_notifier+0x64/0xa8<br /> notifier_call_chain+0x78/0x148<br /> blocking_notifier_call_chain+0x4c/0x90<br /> bus_notify+0x44/0x70<br /> device_del+0x264/0x3e8<br /> pci_remove_bus_device+0x84/0x120<br /> pci_remove_root_bus+0x5c/0xc0<br /> dw_pcie_host_deinit+0x38/0xe0<br /> tegra_pcie_config_rp+0xc0/0x1f0<br /> tegra_pcie_dw_probe+0x34c/0x700<br /> platform_probe+0x70/0xe8<br /> really_probe+0xc8/0x3a0<br /> __driver_probe_device+0x84/0x160<br /> driver_probe_device+0x44/0x130<br /> __device_attach_driver+0xc4/0x170<br /> bus_for_each_drv+0x90/0x100<br /> __device_attach+0xa8/0x1c8<br /> device_initial_probe+0x1c/0x30<br /> bus_probe_device+0xb0/0xc0<br /> deferred_probe_work_func+0xbc/0x120<br /> process_one_work+0x194/0x490<br /> worker_thread+0x284/0x3b0<br /> kthread+0xf4/0x108<br /> ret_from_fork+0x10/0x20<br /> Code: a9b97bfd 910003fd a9025bf5 f85a0035 (b94122a1)

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> keys: Fix overwrite of key expiration on instantiation<br /> <br /> The expiry time of a key is unconditionally overwritten during<br /> instantiation, defaulting to turn it permanent. This causes a problem<br /> for DNS resolution as the expiration set by user-space is overwritten to<br /> TIME64_MAX, disabling further DNS updates. Fix this by restoring the<br /> condition that key_set_expiry is only called when the pre-parser sets a<br /> specific expiry.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: fix out-of-bounds access in ops_init<br /> <br /> net_alloc_generic is called by net_alloc, which is called without any<br /> locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It<br /> is read twice, first to allocate an array, then to set s.len, which is<br /> later used to limit the bounds of the array access.<br /> <br /> It is possible that the array is allocated and another thread is<br /> registering a new pernet ops, increments max_gen_ptrs, which is then used<br /> to set s.len with a larger than allocated length for the variable array.<br /> <br /> Fix it by reading max_gen_ptrs only once in net_alloc_generic. If<br /> max_gen_ptrs is later incremented, it will be caught in net_assign_generic.

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting.

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument id can result in SQL injection.

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument id can result in SQL injection.

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_item. Manipulating the argument id can result in SQL injection.

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_item. Manipulating the argument id can result in SQL injection.

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the argument id can result in SQL injection.

In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting.