core.c:nf_hook_slow assumes that the upper 16 bits of NF_DROP
verdicts contain a valid errno, i.e. -EPERM, -EHOSTUNREACH or similar,
or 0.
Due to the reverted commit, its possible to provide a positive
value, e.g. NF_ACCEPT (1), which results in use-after-free.
Its not clear to me why this commit was made.
NF_QUEUE is not used by nftables; "queue" rules in nftables
will result in use of "nft_queue" expression.
If we later need to allow specifiying errno values from userspace
(do not know why), this has to call NF_DROP_GETERR and check that
"err <= 0" holds true.
client can indefinitely send smb2 session setup requests with
the SessionId set to 0, thus indefinitely spawning new sessions,
and causing indefinite memory usage. This patch limit to the number
of sessions using expired timeout and session state.
Cc: <email address hidden>
Reported-by: <email address hidden> # ZDI-CAN-20478
Signed-off-by: Namjae Jeon <email address hidden>
Signed-off-by: Steve French <email address hidden>
(backported from commit ea174a91893956450510945a0c5d1a10b5323656)
[bjamison: Jammy code structure was different in smb2pdu.h than
upstream - found relevant code chunk and implemented fix commit's
intended change]
CVE-2023-32247
Signed-off-by: Bethany Jamison <email address hidden>
Acked-by: Cengiz Can <email address hidden>
Acked-by: Jacob Martin <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>
phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function
callers of tegra_xusb_find_port_node() function only do NULL checking for
the return value. return NULL instead of ERR_PTR(-ENOMEM) to keep
consistent.
Signed-off-by: Miaoqian Lin <email address hidden>
Acked-by: Thierry Reding <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Vinod Koul <email address hidden>
(cherry picked from commit 045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f)
CVE-2023-23000
Signed-off-by: Bethany Jamison <email address hidden>
Acked-by: Andrei Gherzan <email address hidden>
Acked-by: Jacob Martin <email address hidden>
Acked-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>
Apparently some BXT/GLK systems have DSI panels whose timings
don't agree with the normal cpu transcoder hblank>=32 limitation.
This is perhaps fine as there are no specific hblank/etc. limits
listed for the BXT/GLK DSI transcoders.
Move those checks out from the global intel_mode_valid() into
into connector specific .mode_valid() hooks, skipping BXT/GLK
DSI connectors. We'll leave the basic [hv]display/[hv]total
checks in intel_mode_valid() as those seem like sensible upper
limits regardless of the transcoder used.
Cc: <email address hidden>
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/9720
Fixes: 8f4b1068e7fc ("drm/i915: Check some transcoder timing minimum limits")
Signed-off-by: Ville Syrjälä <email address hidden>
Link: https://patchwork<email address hidden>
Reviewed-by: Jani Nikula <email address hidden>
(cherry picked from commit e0ef2daa8ca8ce4dbc2fd0959e383b753a87fd7d)
Signed-off-by: Jani Nikula <email address hidden>
(backported from commit 20c2dbff342aec13bf93c2f6c951da198916a455)
Signed-off-by: Dariusz Gadomski <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>
6522efb...
by
Vitaly Rodionov <email address hidden>
ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
Customer has reported an issue with specific desktop platform
where two CS42L42 codecs are connected to CS8409 HDA bridge.
If "Master Volume Control" is created then on Ubuntu OS UCM
left/right balance slider in UI audio settings has no effect.
This patch will fix this issue for a target paltform.
Fixes: 20e507724113 ("ALSA: hda/cs8409: Add support for dolphin")
Signed-off-by: Vitaly Rodionov <email address hidden>
Cc: <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Takashi Iwai <email address hidden>
(cherry picked from commit a2ed0a44d637ef9deca595054c206da7d6cbdcbc linux-next)
Signed-off-by: Hui Wang <email address hidden>
Acked-by: AceLan Kao <email address hidden>
Acked-by: Jose Ogando <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>