Vulnerabilidades

*** Pendiente de traducción *** In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library.

*** Pendiente de traducción *** RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.

*** Pendiente de traducción *** Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-33891. Reason: This candidate is a reservation duplicate of CVE-2024-33891. Notes: All CVE users should reference CVE-2024-33891 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

*** Pendiente de traducción *** Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute.

*** Pendiente de traducción *** The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix hang during unmount when stopping a space reclaim worker<br /> <br /> Often when running generic/562 from fstests we can hang during unmount,<br /> resulting in a trace like this:<br /> <br /> Sep 07 11:52:00 debian9 unknown: run fstests generic/562 at 2022-09-07 11:52:00<br /> Sep 07 11:55:32 debian9 kernel: INFO: task umount:49438 blocked for more than 120 seconds.<br /> Sep 07 11:55:32 debian9 kernel: Not tainted 6.0.0-rc2-btrfs-next-122 #1<br /> Sep 07 11:55:32 debian9 kernel: "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> Sep 07 11:55:32 debian9 kernel: task:umount state:D stack: 0 pid:49438 ppid: 25683 flags:0x00004000<br /> Sep 07 11:55:32 debian9 kernel: Call Trace:<br /> Sep 07 11:55:32 debian9 kernel: <br /> Sep 07 11:55:32 debian9 kernel: __schedule+0x3c8/0xec0<br /> Sep 07 11:55:32 debian9 kernel: ? rcu_read_lock_sched_held+0x12/0x70<br /> Sep 07 11:55:32 debian9 kernel: schedule+0x5d/0xf0<br /> Sep 07 11:55:32 debian9 kernel: schedule_timeout+0xf1/0x130<br /> Sep 07 11:55:32 debian9 kernel: ? lock_release+0x224/0x4a0<br /> Sep 07 11:55:32 debian9 kernel: ? lock_acquired+0x1a0/0x420<br /> Sep 07 11:55:32 debian9 kernel: ? trace_hardirqs_on+0x2c/0xd0<br /> Sep 07 11:55:32 debian9 kernel: __wait_for_common+0xac/0x200<br /> Sep 07 11:55:32 debian9 kernel: ? usleep_range_state+0xb0/0xb0<br /> Sep 07 11:55:32 debian9 kernel: __flush_work+0x26d/0x530<br /> Sep 07 11:55:32 debian9 kernel: ? flush_workqueue_prep_pwqs+0x140/0x140<br /> Sep 07 11:55:32 debian9 kernel: ? trace_clock_local+0xc/0x30<br /> Sep 07 11:55:32 debian9 kernel: __cancel_work_timer+0x11f/0x1b0<br /> Sep 07 11:55:32 debian9 kernel: ? close_ctree+0x12b/0x5b3 [btrfs]<br /> Sep 07 11:55:32 debian9 kernel: ? __trace_bputs+0x10b/0x170<br /> Sep 07 11:55:32 debian9 kernel: close_ctree+0x152/0x5b3 [btrfs]<br /> Sep 07 11:55:32 debian9 kernel: ? evict_inodes+0x166/0x1c0<br /> Sep 07 11:55:32 debian9 kernel: generic_shutdown_super+0x71/0x120<br /> Sep 07 11:55:32 debian9 kernel: kill_anon_super+0x14/0x30<br /> Sep 07 11:55:32 debian9 kernel: btrfs_kill_super+0x12/0x20 [btrfs]<br /> Sep 07 11:55:32 debian9 kernel: deactivate_locked_super+0x2e/0xa0<br /> Sep 07 11:55:32 debian9 kernel: cleanup_mnt+0x100/0x160<br /> Sep 07 11:55:32 debian9 kernel: task_work_run+0x59/0xa0<br /> Sep 07 11:55:32 debian9 kernel: exit_to_user_mode_prepare+0x1a6/0x1b0<br /> Sep 07 11:55:32 debian9 kernel: syscall_exit_to_user_mode+0x16/0x40<br /> Sep 07 11:55:32 debian9 kernel: do_syscall_64+0x48/0x90<br /> Sep 07 11:55:32 debian9 kernel: entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> Sep 07 11:55:32 debian9 kernel: RIP: 0033:0x7fcde59a57a7<br /> Sep 07 11:55:32 debian9 kernel: RSP: 002b:00007ffe914217c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6<br /> Sep 07 11:55:32 debian9 kernel: RAX: 0000000000000000 RBX: 00007fcde5ae8264 RCX: 00007fcde59a57a7<br /> Sep 07 11:55:32 debian9 kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055b57556cdd0<br /> Sep 07 11:55:32 debian9 kernel: RBP: 000055b57556cba0 R08: 0000000000000000 R09: 00007ffe91420570<br /> Sep 07 11:55:32 debian9 kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000<br /> Sep 07 11:55:32 debian9 kernel: R13: 000055b57556cdd0 R14: 000055b57556ccb8 R15: 0000000000000000<br /> Sep 07 11:55:32 debian9 kernel: <br /> <br /> What happens is the following:<br /> <br /> 1) The cleaner kthread tries to start a transaction to delete an unused<br /> block group, but the metadata reservation can not be satisfied right<br /> away, so a reservation ticket is created and it starts the async<br /> metadata reclaim task (fs_info-&gt;async_reclaim_work);<br /> <br /> 2) Writeback for all the filler inodes with an i_size of 2K starts<br /> (generic/562 creates a lot of 2K files with the goal of filling<br /> metadata space). We try to create an inline extent for them, but we<br /> fail when trying to insert the inline extent with -ENOSPC (at<br /> cow_file_range_inline()) - since this is not critical, we fallback<br /> to non-inline mode (back to cow_file_range()), reserve extents<br /> ---truncated---

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> exfat: fix overflow for large capacity partition<br /> <br /> Using int type for sector index, there will be overflow in a large<br /> capacity partition.<br /> <br /> For example, if storage with sector size of 512 bytes and partition<br /> capacity is larger than 2TB, there will be overflow.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: core: Fix a use-after-free<br /> <br /> There are two .exit_cmd_priv implementations. Both implementations use<br /> resources associated with the SCSI host. Make sure that these resources are<br /> still available when .exit_cmd_priv is called by waiting inside<br /> scsi_remove_host() until the tag set has been freed.<br /> <br /> This commit fixes the following use-after-free:<br /> <br /> ==================================================================<br /> BUG: KASAN: use-after-free in srp_exit_cmd_priv+0x27/0xd0 [ib_srp]<br /> Read of size 8 at addr ffff888100337000 by task multipathd/16727<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x34/0x44<br /> print_report.cold+0x5e/0x5db<br /> kasan_report+0xab/0x120<br /> srp_exit_cmd_priv+0x27/0xd0 [ib_srp]<br /> scsi_mq_exit_request+0x4d/0x70<br /> blk_mq_free_rqs+0x143/0x410<br /> __blk_mq_free_map_and_rqs+0x6e/0x100<br /> blk_mq_free_tag_set+0x2b/0x160<br /> scsi_host_dev_release+0xf3/0x1a0<br /> device_release+0x54/0xe0<br /> kobject_put+0xa5/0x120<br /> device_release+0x54/0xe0<br /> kobject_put+0xa5/0x120<br /> scsi_device_dev_release_usercontext+0x4c1/0x4e0<br /> execute_in_process_context+0x23/0x90<br /> device_release+0x54/0xe0<br /> kobject_put+0xa5/0x120<br /> scsi_disk_release+0x3f/0x50<br /> device_release+0x54/0xe0<br /> kobject_put+0xa5/0x120<br /> disk_release+0x17f/0x1b0<br /> device_release+0x54/0xe0<br /> kobject_put+0xa5/0x120<br /> dm_put_table_device+0xa3/0x160 [dm_mod]<br /> dm_put_device+0xd0/0x140 [dm_mod]<br /> free_priority_group+0xd8/0x110 [dm_multipath]<br /> free_multipath+0x94/0xe0 [dm_multipath]<br /> dm_table_destroy+0xa2/0x1e0 [dm_mod]<br /> __dm_destroy+0x196/0x350 [dm_mod]<br /> dev_remove+0x10c/0x160 [dm_mod]<br /> ctl_ioctl+0x2c2/0x590 [dm_mod]<br /> dm_ctl_ioctl+0x5/0x10 [dm_mod]<br /> __x64_sys_ioctl+0xb4/0xf0<br /> dm_ctl_ioctl+0x5/0x10 [dm_mod]<br /> __x64_sys_ioctl+0xb4/0xf0<br /> do_syscall_64+0x3b/0x90<br /> entry_SYSCALL_64_after_hwframe+0x46/0xb0

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb3: fix temporary data corruption in insert range<br /> <br /> insert range doesn&amp;#39;t discard the affected cached region<br /> so can risk temporarily corrupting file data.<br /> <br /> Also includes some minor cleanup (avoiding rereading<br /> inode size repeatedly unnecessarily) to make it clearer.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb3: fix temporary data corruption in collapse range<br /> <br /> collapse range doesn&amp;#39;t discard the affected cached region<br /> so can risk temporarily corrupting the file data. This<br /> fixes xfstest generic/031<br /> <br /> I also decided to merge a minor cleanup to this into the same patch<br /> (avoiding rereading inode size repeatedly unnecessarily) to make it<br /> clearer.

*** Pendiente de traducción *** IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()<br /> <br /> It seems to me that percpu memory for chain stats started leaking since<br /> commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to<br /> hardware priority") when nft_chain_offload_priority() returned an error.