In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(), but the unregistration of lineinfo_changed_nb notifier chain failed due to waiting write rwsem. Additionally, one of the GPIO chip's lines is also in the release process and holds the notifier chain's read rwsem. Consequently, a race condition leads to the use-after-free of watched_lines. Here is the typical stack when issue happened: [free] gpio_chrdev_release() --> bitmap_free(cdev->watched_lines) <-- freed --> blocking_notifier_chain_unregister() --> down_write(&nh->rwsem) <-- waiting rwsem --> __down_write_common() --> rwsem_down_write_slowpath() --> schedule_preempt_disabled() --> schedule() [use] st54spi_gpio_dev_release() --> gpio_free() --> gpiod_free() --> gpiod_free_commit() --> gpi...

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(), but the unregistration of lineinfo_changed_nb notifier chain failed due to waiting write rwsem. Additionally, one of the GPIO chip's lines is also in the release process and holds the notifier chain's read rwsem. Consequently, a race condition leads to the use-after-free of watched_lines. Here is the typical stack when issue happened: [free] gpio_chrdev_release() --> bitmap_free(cdev->watched_lines) <-- freed --> blocking_notifier_chain_unregister() --> down_write(&nh->rwsem) <-- waiting rwsem --> __down_write_common() --> rwsem_down_write_slowpath() --> schedule_preempt_disabled() --> schedule() [use] st54spi_gpio_dev_release() --> gpio_free() --> gp...

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(), but the unregistration of lineinfo_changed_nb notifier chain failed due to waiting write rwsem. Additionally, one of the GPIO chip's lines is also in the release process and holds the notifier chain's read rwsem. Consequently, a race condition leads to the use-after-free of watched_lines. Here is the typical stack when issue happened: [free] gpio_chrdev_release() --> bitmap_free(cdev->watched_lines) <-- freed --> blocking_notifier_chain_unregister() --> down_write(&nh->rwsem) <-- waiting rwsem --> __down_write_common() --> rwsem_down_write_slowpath() --> schedule_preempt_disabled() -

In the Linux kernel, the following vulnerability has been resolved: g ...

Уязвимость функции gpio_chrdev_release() драйвера gpio ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)

Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5)

Security update for the Linux Kernel RT (Live Patch 8 for SLE 15 SP5)

Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)