In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.

CVE-2022-40847: Vulnerabilities in Tenda's W15Ev2 AC1200 Router

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients.

CVE-2022-42984: GitHub - nhiephon/Research

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.

From: Mauro Carvalho Chehab <mchehab@kernel.org>
To: linuxtv-commits@linuxtv.org
Cc: Rondreis <linhaoguo86@gmail.com>,
	Alan Stern <stern@rowland.harvard.edu>,
	Sean Young <sean@mess.org>,
	stable@vger.kernel.org
Subject: \[git:media\_stage/master\] media: mceusb: Use new usb\_control\_msg\_\*() routines
Date: Sat, 24 Sep 2022 05:49:45 +0000	\[thread overview\]
Message-ID: <E1obysd-009Grw-He@www.linuxtv.org> (raw)

This is an automatic generated email to let you know that the following patch were queued:

Subject: media: mceusb: Use new usb\_control\_msg\_\*() routines
Author:  Alan Stern <stern@rowland.harvard.edu>
Date:    Fri Aug 26 21:31:40 2022 +0200

Automatic kernel fuzzing led to a WARN about invalid pipe direction in
the mceusb driver:

------------\[ cut here \]------------
usb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40
WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410
usb\_submit\_urb+0x1326/0x1820 drivers/usb/core/urb.c:410
Modules linked in:
CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
Workqueue: usb\_hub\_wq hub\_event
RIP: 0010:usb\_submit\_urb+0x1326/0x1820 drivers/usb/core/urb.c:410
Code: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8
44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b
e9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41
RSP: 0018:ffffc900032becf0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000
RDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90
RBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000
R10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000
R13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500
FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0
Call Trace:
<TASK>
usb\_start\_wait\_urb+0x101/0x4c0 drivers/usb/core/message.c:58
usb\_internal\_control\_msg drivers/usb/core/message.c:102 \[inline\]
usb\_control\_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
mceusb\_gen1\_init drivers/media/rc/mceusb.c:1431 \[inline\]
mceusb\_dev\_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807

The reason for the warning is clear enough; the driver sends an
unusual read request on endpoint 0 but does not set the USB\_DIR\_IN bit
in the bRequestType field.

More importantly, the whole situation can be avoided and the driver
simplified by converting it over to the relatively new
usb\_control\_msg\_recv() and usb\_control\_msg\_send() routines.  That's
what this fix does.

Reported-and-tested-by: Rondreis <linhaoguo86@gmail.com>
Link: https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>

 drivers/media/rc/mceusb.c | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

---

diff --git a/drivers/media/rc/mceusb.c b/drivers/media/rc/mceusb.c
index 0834d5f866fd..39d2b03e2631 100644
--- a/drivers/media/rc/mceusb.c
+++ b/drivers/media/rc/mceusb.c
@@ -1416,42 +1416,37 @@ static void mceusb\_gen1\_init(struct mceusb\_dev \*ir)
 {
 	int ret;
 	struct device \*dev = ir->dev;
\-	char \*data;
-
-	data = kzalloc(USB\_CTRL\_MSG\_SZ, GFP\_KERNEL);
-	if (!data) {
-		dev\_err(dev, "%s: memory allocation failed!", \_\_func\_\_);
-		return;
-	}
+	char data\[USB\_CTRL\_MSG\_SZ\];
 
 	/\*
 	 \* This is a strange one. Windows issues a set address to the device
 	 \* on the receive control pipe and expect a certain value pair back
 	 \*/
\-	ret = usb\_control\_msg(ir->usbdev, usb\_rcvctrlpipe(ir->usbdev, 0),
-			      USB\_REQ\_SET\_ADDRESS, USB\_TYPE\_VENDOR, 0, 0,
-			      data, USB\_CTRL\_MSG\_SZ, 3000);
+	ret = usb\_control\_msg\_recv(ir->usbdev, 0, USB\_REQ\_SET\_ADDRESS,
+				   USB\_DIR\_IN | USB\_TYPE\_VENDOR,
+				   0, 0, data, USB\_CTRL\_MSG\_SZ, 3000,
+				   GFP\_KERNEL);
 	dev\_dbg(dev, "set address - ret = %d", ret);
 	dev\_dbg(dev, "set address - data\[0\] = %d, data\[1\] = %d",
 						data\[0\], data\[1\]);
 
 	/\* set feature: bit rate 38400 bps \*/
\-	ret = usb\_control\_msg(ir->usbdev, usb\_sndctrlpipe(ir->usbdev, 0),
-			      USB\_REQ\_SET\_FEATURE, USB\_TYPE\_VENDOR,
-			      0xc04e, 0x0000, NULL, 0, 3000);
+	ret = usb\_control\_msg\_send(ir->usbdev, 0,
+				   USB\_REQ\_SET\_FEATURE, USB\_TYPE\_VENDOR,
+				   0xc04e, 0x0000, NULL, 0, 3000, GFP\_KERNEL);
 
 	dev\_dbg(dev, "set feature - ret = %d", ret);
 
 	/\* bRequest 4: set char length to 8 bits \*/
\-	ret = usb\_control\_msg(ir->usbdev, usb\_sndctrlpipe(ir->usbdev, 0),
-			      4, USB\_TYPE\_VENDOR,
-			      0x0808, 0x0000, NULL, 0, 3000);
+	ret = usb\_control\_msg\_send(ir->usbdev, 0,
+				   4, USB\_TYPE\_VENDOR,
+				   0x0808, 0x0000, NULL, 0, 3000, GFP\_KERNEL);
 	dev\_dbg(dev, "set char length - retB = %d", ret);
 
 	/\* bRequest 2: set handshaking to use DTR/DSR \*/
\-	ret = usb\_control\_msg(ir->usbdev, usb\_sndctrlpipe(ir->usbdev, 0),
-			      2, USB\_TYPE\_VENDOR,
-			      0x0000, 0x0100, NULL, 0, 3000);
+	ret = usb\_control\_msg\_send(ir->usbdev, 0,
+				   2, USB\_TYPE\_VENDOR,
+				   0x0000, 0x0100, NULL, 0, 3000, GFP\_KERNEL);
 	dev\_dbg(dev, "set handshake  - retC = %d", ret);
 
 	/\* device resume \*/
@@ -1459,8 +1454,6 @@ static void mceusb\_gen1\_init(struct mceusb\_dev \*ir)
 
 	/\* get hw/sw revision? \*/
 	mce\_command\_out(ir, GET\_REVISION, sizeof(GET\_REVISION));
\-
-	kfree(data);
 }
 
 static void mceusb\_gen2\_init(struct mceusb\_dev \*ir)

                 reply	other threads:\[~2022-09-24  6:43 UTC|newest\]

**Thread overview:** \[no followups\] expand\[flat|nested\]  mbox.gz  Atom feed

**Reply instructions:**

You may reply publicly to this message via plain-text email
using any one of the following methods:

\* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting\_style#Interleaved\_style

\* Reply using the **\--to**, **\--cc**, and **\--in-reply-to**
  switches of git-send-email(1):

  git send-email \\
    --in-reply-to=E1obysd-009Grw-He@www.linuxtv.org \\
    --to=mchehab@kernel.org \\
    --cc=linhaoguo86@gmail.com \\
    --cc=linux-media@vger.kernel.org \\
    --cc=linuxtv-commits@linuxtv.org \\
    --cc=sean@mess.org \\
    --cc=stable@vger.kernel.org \\
    --cc=stern@rowland.harvard.edu \\
    /path/to/YOUR\_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

\* If your mail client supports setting the **In-Reply-To** header
  via mailto: links, try the mailto: link

Be sure your reply has a **Subject:** header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

CVE-2022-3903: [git:media_stage/master] media: mceusb: Use new usb_control_msg_*() routines

Debian Linux Security Advisory 5278-1 - It was discovered that a buffer overflow in the _getCountedString() function of the Xorg X server may result in denial of service or potentially the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5278-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 13, 2022                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2022-3550 CVE-2022-3551

It was discovered that a buffer overflow in the _getCountedString()  
function of the Xorg X server may result in denial of service or  
potentially the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in  
version 2:1.20.11-1+deb11u3.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNxPhMACgkQEMKTtsN8  
TjYGIw//eDkQaWMUaRzlfNcFJUPkYQJot20IGvCa5UwUgNCcky13/riQ13OedOAZ  
n7ORM7vtn28v3WhQkUqO2XJ8ODT0LGKuAFuwbXOLqJd/f1bqkhAVYp0eNMmZm3wr  
CLfa8zoTM0lh4eOu5r7ecdFSd/sZ3Dy7ODwL8tuOaTrHo+rJ5epYd2xqrFxVi9NA  
EfyeycQb8LY+/OqCbpp8nUq+CpvT22Z7oNTgQpKy4ScQKLe7pqPQDO4VEkSwsBrs  
HGInGuNRMMM3uAHTTQts6tn4jK5eou24hws1fYUXSi57zTJc5jwVG75jhIjEtGOm  
/UfnEhAbUeEB+o21gP0HAxLy1F20h8Qonasvh3LH1ormzwhl8RqVR/Ny62jb79/k  
jlS4IUUQGPK8WYdbkJPrs1GFu/2quW8VWcpYRIE5b/Ylq/XsmLNotSVs29ID10Q2  
U91rimYdlTKG3UDsErFzBh6uPqNP2vWUimpPq6nRQgEfX94H2kb96cyE1EpKnDnk  
jf1+UINP4Pe2r+XPGglw9krUGWsFMIJoPohCwOsXBSNhkfOJ4bO4huOzz3C1XLy3  
9i6BIrhaZRrKASemZSGieoKQyHXfsCBN1JIsoXYqYPxIu6STvyoG4kIv8VlAylXY  
9b9F1jtO2G3zGXuVlPEwJacMh5CPKNcUJP/SgpRrcov0iop/X8U=gxG8  
-----END PGP SIGNATURE-----

Debian Security Advisory 5278-1

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result an denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5277-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 13, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php7.4CVE ID         : CVE-2022-31630 CVE-2022-37454 CVE-2022-31629 CVE-2022-31628Multiple security issues were discovered in PHP, a widely-used opensource general purpose scripting language which could result an denialof service, information disclosure, insecure cooking handling orpotentially the execution of arbitrary code.For the stable distribution (bullseye), these problems have been fixed inversion 7.4.33-1+deb11u1.We recommend that you upgrade your php7.4 packages.For the detailed security status of php7.4 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php7.4Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNxOm0ACgkQEMKTtsN8TjYZ7xAAspdPvtpc+Sq8l2NsZlKUew50JSsTb0UbwAYH0G8prnYzEQK898syuP2eaZsbPHec/aqClyvFfrhnWsrGyWUAwHtQIHmG0lIPXAZuCMawbud95MY3sFY7lidK+6UvTFxBCx3hbYaZE/Xz+3Zsx6qX3L+eSQSEdVKy4lV4CbZtVBM3iVlg+lB+EXZqFjdZZsoDSbK5K8pYRD2HQBMa7RMFau/zYc7ZZpcwRjcojUvrLB+2xQHitcCZLxNtJ4IpNqKr3BmDfIe+h9mzY9q22sdTC5H29u9p+s2XssYgNfkS9h6IxBfYbYQAwxZLfBIDJ3inbmAnHz/OBTEcmt/OufdaBUt0V4otddaZHT/6nhaY/0Hhdd9f5F40ohKGR4R4nv5zFKVLB9/fONxPjKARj7X81PsBhB7GFzKbrdQtpK+tTek/sxDJTW5TSvN+tvRtAPBTxzEbvzl+duscIZr7eVlIqfd/tLuspnc/iaeOxBWup1ekx8Eu5voHcC3SFnLJCFeSdqfA9/qiG8Gj/FYA4a8/S2D7mWH+xQlT1aWVU33b9bgJkzdg1WYj79Dv6K9Yg64T22CIy0w8EOpQXSJcKlILd6gP6cdz3P5WfCt/51VhBQAJb/+qd4w98c5LAhoet75dSWVIbynja1asPTMZ1RhJvIWpYud3LmfOAO8Q/NFGYtc=MMQt-----END PGP SIGNATURE-----

Debian Security Advisory 5277-1

Debian Linux Security Advisory 5276-1 - Maddie Stone reported a heap-based buffer overflow flaw in pixman, a pixel-manipulation library for X and cairo, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5276-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 12, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pixmanCVE ID         : CVE-2022-44638Debian Bug     : 1023427Maddie Stone reported a heap-based buffer overflow flaw in pixman, apixel-manipulation library for X and cairo, which could result in denialof service or potentially the execution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 0.40.0-1.1~deb11u1.We recommend that you upgrade your pixman packages.For the detailed security status of pixman please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/pixmanFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKSBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNvmIhfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0ToTQ/3bIRPJMysz984NBivSyxdCCD4If1AjwKLr+At3fHCJVs3BrzY/K+nBMlWSkzBVcWGnIyJ7WF50DKwnEflUrjDBLMrYN6v+PEXgZGSWsTsyy4pcmJxYwZsyxJvZv0uuqEKT2VAFIG8MjAVNjCzRadJnLzCi7EFvheMiRXpWMMUt3DlOvtu+075TXW65n1TgBbgVSqGtg83oRoCqU213nxgkYhdxASHTLPqU8GIYUtIngbRpk/mPy+NZKDtcofrpqnd5QuRngkRvqqFs7h0u3U0bFVO7miG0mMJWAm/QNZN5NLNoxfZrBUhoZWgjGJ1tu6NQVggAmb3rb6DCNwWKVnCqFyZOaInDcq9Up6Rh+NbLMMhUm0ghFKp+rr2sWZ+Pmnn4tnvZLb47kJDUk7ZP/LCC9q6hd5yFpKdRTxCznCH+9gmxfqOKSW5qBgWyCsbVySLQcuNZwRf1zgynkilNgyKcRNUnMeZU7FZVB9zABxwWqgD/ZVJIKhts5mq6hyLKXwTzwtQ0Kw7kYHkRya3hv6BFwJm7saKhHKySGb7JceFz2udBUoeA9y/pgGSGEJUWenuuQ0LVKH8QflbsfI8jlVKdUlHEYVrYo2yjULr9rraURabK6OClmrs9JI3Fg6PEl/wwh+SKmdeJZqOY4Vse4ZxcRfN0sGtiu1hfqTM6owm8Q==0y3/-----END PGP SIGNATURE-----

Debian Security Advisory 5276-1

Pillow starting with 9.2.0 and prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DOS in TiffImagePlugin.py when setting up the context for image decoding. This issue has been patched in version 9.3.0.

**Pillow subject to DoS via SAMPLESPERPIXEL tag**

Moderate severity GitHub Reviewed Published Nov 14, 2022 • Updated Nov 15, 2022

GHSA-q4mp-jvh2-76fj: Pillow subject to DoS via SAMPLESPERPIXEL tag

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

**Conversation**

 

A large value in the SAMPLESPERPIXEL tag could lead to a memory and
runtime DOS in TiffImagePlugin.py when setting up the context for
image decoding.

 

 

Tests/test\_file\_tiff.py::TestFileTiff::test\_oom\[Tests/images/oom-225817ca0f8c663be7ab4b9e717b02c661e66834.tif\]
  PIL/TiffImagePlugin.py:850: UserWarning: Corrupt EXIF data.  Expecting to read 12 bytes but only got 6. 
    warnings.warn(str(msg))

Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>

 hugovk deleted the security-samples\_per\_pixel-sec branch

Oct 29, 2022

CVE-2022-45199: Limit SAMPLESPERPIXEL to avoid runtime DOS by hugovk · Pull Request #6700 · python-pillow/Pillow

A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks.
Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to

A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks.

Dubbed **KmsdBot** by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to luxury car brands to security firms.

"The botnet infects systems via an SSH connection that uses weak login credentials," Akamai researcher Larry W. Cashdollar said. "The malware does not stay persistent on the infected system as a way of evading detection."

The malware gets its name from an executable named "kmsd.exe" that's downloaded from a remote server following a successful compromise. It's also designed to support multiple architectures, such as Winx86, Arm64, mips64, and x86\_64.

KmsdBot comes with capabilities to perform scanning operations and propagate itself by downloading a list of username and password combinations. It's also equipped to control the mining process and update the malware.

Akamai said the first observed target of the malware was a gaming company named FiveM, a multiplayer mod for Grand Theft Auto V that allows players to access custom role-playing servers.

The DDoS attacks observed by the web infrastructure company include Layer 4 and Layer 7 attacks, wherein a flood of TCP, UDP, or HTTP GET requests are sent to overwhelm a target server's resources and hamper its ability to process and respond.

"This botnet is a great example of the complexity of security and how much it evolves," Cashdollar said. "What seems to have started as a bot for a game app has pivoted into attacking large luxury brands."

The findings come as vulnerable software is being increasingly used to deploy cryptocurrency miners, jumping from 12% in Q1 2022 to 17% in Q3, according to telemetry data from Kaspersky. Nearly half of the analyzed samples of malicious mining software (48%) secretly mine Monero (XMR).

"Interestingly, the most targeted country in Q3 2022 was Ethiopia (2.38%), where it is illegal to use and mine cryptocurrencies," the Russian cybersecurity company said. "Kazakhstan (2.13%) and Uzbekistan (2.01%) follow in second and third place."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.

Signed-off-by: Vladyslav Kopaihorodskyi vlad.kopaygorodsky@gmail.com

**Type of change**

*   Bug fix

**Description**

Do not create a new chain of type etcdraft.Chain if such exists in the map of chains. This can happen when in Raft protocol a channel was created, but not marked as done in WAL logs. So at orderer startup, it tried to create another instance of a chain and panicked because that instance startup failed.

**Related issues**

#2931

**Release Note**

Fixed bug when an orderer crashed at channel creation and after restart couldn't bootstrap because of desynchronization between WAL logs and ledger state.

Tag

#dos