    Development

    Understanding and Implementing OAuth2 and OpenID Connect in .NET

    April 1, 2025

    Authentication and authorization are two crucial aspects of web development. In modern applications, it’s essential to ensure that users are…

    rmsramos/activitylog

    April 1, 2025

    This is my package activitylog

    Report shows overinflated opinion of infrastructure automation excellence

    April 1, 2025

    Many infrastructure technology teams believe they have mastered infrastructure automation, but the data tells a different story. We commissioned a…

    Development

    Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

    April 1, 2025

    Apple has been hit with a fine of €150 million ($162 million) by France’s competition watchdog over the implementation of…

    Development

    Moscow Metro Digital Outage: Alleged Cyberattack or Technical Failure?

    April 1, 2025

    The Moscow Metro website and mobile application experienced disruptions on March 31, 2023. The Moscow subway app users reported various…

    Development

    World Backup Day: Why Human Error Remains the Biggest Threat to Data Protection

    April 1, 2025

    World Backup Day, observed annually on March 31, serves as a reminder of the importance of protecting data against cyber…

    Development

    Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security

    April 1, 2025

    Canon Marketing Japan Inc. and Canon Inc. have issued an important security update regarding a vulnerability in certain printer drivers.…

    Hackers exploit little-known WordPress MU-plugins feature to hide malware

    April 1, 2025

    A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide…

    Development

    Mysterious Disappearance of Cybersecurity Expert Xiaofeng Wang and Wife Triggers FBI Raids

    April 1, 2025

    Xiaofeng Wang, a well-respected computer scientist and professor at Indiana University, has suddenly vanished along with his wife, Nianli Ma.…

    Development

    AI, Data Protection, and Governance: Key Pillars for the Future of Business

    April 1, 2025

    The Microsoft Fabric Community Conference, currently underway from March 31 to April 2, 2025, in Las Vegas, has already become…

    Development

    New Case Study: Global Retailer Overshares CSRF Tokens with Facebook

    April 1, 2025

    Are your security tokens truly secure? Explore how Reflectiz helped a giant retailer to expose a Facebook pixel that was…

    Development

    China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

    April 1, 2025

    Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors…

    Development

    Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

    April 1, 2025

    Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with…

    Development

    Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices

    April 1, 2025

    Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models…

    facad is a modern colorful directory listing tool

    April 1, 2025

    facad is a modern, colorful directory listing tool for the command line. It’s written in C. The post facad is…

    Ghibli Generator

    April 1, 2025


    Web Developer Toolbar: Essential Tools for Every Developer in 2025

    April 1, 2025


    Coding Careers Under Threat: Impacts of AI, No-Code Platforms, and Economic Pressures

    April 1, 2025


    Chat 4O – AI Image Generator & Assistant with GPT-4o & O1

    April 1, 2025


    Build a Powerful Image Editor with Next.js and glfx.js

    April 1, 2025


    Highlights

    CVE-2023-53143 – “Ext4 Linux Kernel Off-by-One Error in fsmap Handling”

    May 2, 2025

    CVE ID : CVE-2023-53143

    Published : May 2, 2025, 4:15 p.m.

    Description : In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix another off-by-one fsmap error on 1k block filesystems

    Apparently syzbot figured out that issuing this FSMAP call:

    struct fsmap_head cmd = {
    .fmh_count = …;
    .fmh_keys = {
    { .fmr_device = /* ext4 dev */, .fmr_physical = 0, },
    { .fmr_device = /* ext4 dev */, .fmr_physical = 0, },
    },
    …
    };
    ret = ioctl(fd, FS_IOC_GETFSMAP, &cmd);

    Produces this crash if the underlying filesystem is a 1k-block ext4
    filesystem:

    kernel BUG at fs/ext4/ext4.h:3331!
    invalid opcode: 0000 [#1] PREEMPT SMP
    CPU: 3 PID: 3227965 Comm: xfs_io Tainted: G W O 6.2.0-rc8-achx
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
    RIP: 0010:ext4_mb_load_buddy_gfp+0x47c/0x570 [ext4]
    RSP: 0018:ffffc90007c03998 EFLAGS: 00010246
    RAX: ffff888004978000 RBX: ffffc90007c03a20 RCX: ffff888041618000
    RDX: 0000000000000000 RSI: 00000000000005a4 RDI: ffffffffa0c99b11
    RBP: ffff888012330000 R08: ffffffffa0c2b7d0 R09: 0000000000000400
    R10: ffffc90007c03950 R11: 0000000000000000 R12: 0000000000000001
    R13: 00000000ffffffff R14: 0000000000000c40 R15: ffff88802678c398
    FS: 00007fdf2020c880(0000) GS:ffff88807e100000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007ffd318a5fe8 CR3: 000000007f80f001 CR4: 00000000001706e0
    Call Trace:

    ext4_mballoc_query_range+0x4b/0x210 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]
    ext4_getfsmap_datadev+0x713/0x890 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]
    ext4_getfsmap+0x2b7/0x330 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]
    ext4_ioc_getfsmap+0x153/0x2b0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]
    __ext4_ioctl+0x2a7/0x17e0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]
    __x64_sys_ioctl+0x82/0xa0
    do_syscall_64+0x2b/0x80
    entry_SYSCALL_64_after_hwframe+0x46/0xb0
    RIP: 0033:0x7fdf20558aff
    RSP: 002b:00007ffd318a9e30 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
    RAX: ffffffffffffffda RBX: 00000000000200c0 RCX: 00007fdf20558aff
    RDX: 00007fdf1feb2010 RSI: 00000000c0c0583b RDI: 0000000000000003
    RBP: 00005625c0634be0 R08: 00005625c0634c40 R09: 0000000000000001
    R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf1feb2010
    R13: 00005625be70d994 R14: 0000000000000800 R15: 0000000000000000

    For GETFSMAP calls, the caller selects a physical block device by
    writing its block number into fsmap_head.fmh_keys[01].fmr_device.
    To query mappings for a subrange of the device, the starting byte of the
    range is written to fsmap_head.fmh_keys[0].fmr_physical and the last
    byte of the range goes in fsmap_head.fmh_keys[1].fmr_physical.

    IOWs, to query what mappings overlap with bytes 3-14 of /dev/sda, you’d
    set the inputs as follows:

    fmh_keys[0] = { .fmr_device = major(8, 0), .fmr_physical = 3},
    fmh_keys[1] = { .fmr_device = major(8, 0), .fmr_physical = 14},

    Which would return you whatever is mapped in the 12 bytes starting at
    physical offset 3.

    The crash is due to insufficient range validation of keys[1] in
    ext4_getfsmap_datadev. On 1k-block filesystems, block 0 is not part of
    the filesystem, which means that s_first_data_block is nonzero.
    ext4_get_group_no_and_offset subtracts this quantity from the blocknr
    argument before cracking it into a group number and a block number
    within a group. IOWs, block group 0 spans blocks 1-8192 (1-based)
    instead of 0-8191 (0-based) like what happens with larger blocksizes.

    The net result of this encoding is that blocknr s_first_data_block);

    The division then operates on -1:

    offset = do_div(blocknr, EXT4_BLOCKS_PER_GROUP(sb)) >>
    EXT4_SB(sb)->s_cluster_bits;

    Leaving an impossibly large group number (2^32-1) in blocknr.
    ext4_getfsmap_check_keys checked that keys[0
    —truncated—

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…
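
The arithmetic the description walks through, as an added example (not kernel code and not part of the advisory): a user-space C model of subtracting the first data block and then dividing by the blocks-per-group count, next to a variant that checks the lower bound first. The function names, the constructed geometry (8192 blocks per group, from the 1-8192 span quoted above) and the bounds check are assumptions for illustration; the kernel's actual fix is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed geometry for a 1k-block filesystem (assumed demo values). */
#define FIRST_DATA_BLOCK 1u      /* block 0 is not part of the filesystem */
#define BLOCKS_PER_GROUP 8192u   /* group 0 spans blocks 1-8192 */

struct group_pos {
    uint32_t group;   /* 32-bit group number, matching the 2^32-1 value above */
    uint32_t offset;  /* block offset inside the group (cluster bits assumed 0) */
};

/* Unchecked model: subtract first, then divide, with no lower-bound check. */
static struct group_pos crack_unchecked(uint64_t blocknr)
{
    struct group_pos p;
    blocknr -= FIRST_DATA_BLOCK;                        /* 0 - 1 wraps to 2^64-1 */
    p.offset = (uint32_t)(blocknr % BLOCKS_PER_GROUP);
    p.group  = (uint32_t)(blocknr / BLOCKS_PER_GROUP);  /* truncated to 32 bits */
    return p;
}

/* Checked model (hypothetical helper): refuse block numbers that lie outside
 * the filesystem. Returns 0 on success, -1 if blocknr is out of range. */
static int crack_checked(uint64_t blocknr, uint64_t total_blocks,
                         struct group_pos *out)
{
    if (blocknr < FIRST_DATA_BLOCK || blocknr >= total_blocks)
        return -1;
    *out = crack_unchecked(blocknr);
    return 0;
}

int main(void)
{
    struct group_pos bad = crack_unchecked(0), ok;

    printf("unchecked block 0 -> group %u offset %u\n", bad.group, bad.offset);
    if (crack_checked(0, 16385, &ok) != 0)
        puts("checked block 0 -> rejected");
    if (crack_checked(8192, 16385, &ok) == 0)
        printf("checked block 8192 -> group %u offset %u\n", ok.group, ok.offset);
    return 0;
}
```

A key of 0 passed through the unchecked path yields group 0xFFFFFFFF, which is the out-of-range group number the crash trace ends on; the checked path rejects it before any division happens.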
