In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix possible dereference of uninitialized pointer
There is a pointer head_page in rb_meta_validate_events() which is not
initialized at the beginning of a function. This pointer can be dereferenced
if there is a failure during reader page validation. In this case the control
is passed to "invalid" label where the pointer is dereferenced in a loop.
To fix the issue initialize orig_head and head_page before calling
rb_validate_buffer.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
A Linux kernel ring-buffer vulnerability allows potential dereference of an uninitialized pointer in rb_meta_validate_events() function when reader page validation fails. This could lead to kernel crashes or undefined behavior on affected systems.
تحتوي نواة لينكس على ثغرة في وحدة ring-buffer حيث لا يتم تهيئة مؤشر head_page في بداية الدالة rb_meta_validate_events(). قد يؤدي فشل التحقق من صفحة القارئ إلى إلغاء تهيئة المؤشر وإلحاق الضرر بسلامة النظام.
A Linux kernel ring-buffer vulnerability allows potential dereference of an uninitialized pointer in rb_meta_validate_events() function when reader page validation fails. This could lead to kernel crashes or undefined behavior on affected systems.
Update Linux kernel to the latest patched version that initializes orig_head and head_page pointers before calling rb_validate_buffer function. Apply security patches from your Linux distribution vendor immediately.
قم بتحديث نواة لينكس إلى أحدث إصدار معدل يهيئ المؤشرات orig_head و head_page قبل استدعاء دالة rb_validate_buffer. طبق تصحيحات الأمان من موزع توزيعة لينكس الخاص بك فوراً.