Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()<br /> <br /> When unregister pd capabilitie in tcpm, KASAN will capture below double<br /> -free issue. The root cause is the same capabilitiy will be kfreed twice,<br /> the first time is kfreed by pd_capabilities_release() and the second time<br /> is explicitly kfreed by tcpm_port_unregister_pd().<br /> <br /> [ 3.988059] BUG: KASAN: double-free in tcpm_port_unregister_pd+0x1a4/0x3dc<br /> [ 3.995001] Free of addr ffff0008164d3000 by task kworker/u16:0/10<br /> [ 4.001206]<br /> [ 4.002712] CPU: 2 PID: 10 Comm: kworker/u16:0 Not tainted 6.8.0-rc5-next-20240220-05616-g52728c567a55 #53<br /> [ 4.012402] Hardware name: Freescale i.MX8QXP MEK (DT)<br /> [ 4.017569] Workqueue: events_unbound deferred_probe_work_func<br /> [ 4.023456] Call trace:<br /> [ 4.025920] dump_backtrace+0x94/0xec<br /> [ 4.029629] show_stack+0x18/0x24<br /> [ 4.032974] dump_stack_lvl+0x78/0x90<br /> [ 4.036675] print_report+0xfc/0x5c0<br /> [ 4.040289] kasan_report_invalid_free+0xa0/0xc0<br /> [ 4.044937] __kasan_slab_free+0x124/0x154<br /> [ 4.049072] kfree+0xb4/0x1e8<br /> [ 4.052069] tcpm_port_unregister_pd+0x1a4/0x3dc<br /> [ 4.056725] tcpm_register_port+0x1dd0/0x2558<br /> [ 4.061121] tcpci_register_port+0x420/0x71c<br /> [ 4.065430] tcpci_probe+0x118/0x2e0<br /> <br /> To fix the issue, this will remove kree() from tcpm_port_unregister_pd().

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> USB: core: Fix deadlock in port "disable" sysfs attribute<br /> <br /> The show and store callback routines for the "disable" sysfs attribute<br /> file in port.c acquire the device lock for the port&amp;#39;s parent hub<br /> device. This can cause problems if another process has locked the hub<br /> to remove it or change its configuration:<br /> <br /> Removing the hub or changing its configuration requires the<br /> hub interface to be removed, which requires the port device<br /> to be removed, and device_del() waits until all outstanding<br /> sysfs attribute callbacks for the ports have returned. The<br /> lock can&amp;#39;t be released until then.<br /> <br /> But the disable_show() or disable_store() routine can&amp;#39;t return<br /> until after it has acquired the lock.<br /> <br /> The resulting deadlock can be avoided by calling<br /> sysfs_break_active_protection(). This will cause the sysfs core not<br /> to wait for the attribute&amp;#39;s callback routine to return, allowing the<br /> removal to proceed. The disadvantage is that after making this call,<br /> there is no guarantee that the hub structure won&amp;#39;t be deallocated at<br /> any moment. To prevent this, we have to acquire a reference to it<br /> first by calling hub_get().

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access<br /> <br /> When translating source to sink streams in the crossbar subdev, the<br /> driver tries to locate the remote subdev connected to the sink pad. The<br /> remote pad may be NULL, if userspace tries to enable a stream that ends<br /> at an unconnected crossbar sink. When that occurs, the driver<br /> dereferences the NULL pad, leading to a crash.<br /> <br /> Prevent the crash by checking if the pad is NULL before using it, and<br /> return an error if it is.

Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.

lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h.

lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0.

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source.

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.

An information disclosure flaw was found in OpenShift&amp;#39;s internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator&amp;#39;s Azure service account.

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.