CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2023-52919 – nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
https://notcve.org/view.php?id=CVE-2023-52919
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference. • https://git.kernel.org/stable/c/391d8a2da787257aeaf952c974405b53926e3fb3 https://git.kernel.org/stable/c/2b2edf089df3a69f0072c6e71563394c5a94e62e https://git.kernel.org/stable/c/5622592f8f74ae3e594379af02e64ea84772d0dd https://git.kernel.org/stable/c/76050b0cc5a72e0c7493287b7e18e1cb9e3c4612 https://git.kernel.org/stable/c/c95fa5b20fe03609e0894656fa43c18045b5097e https://git.kernel.org/stable/c/ffdc881f68073ff86bf21afb9bb954812e8278be https://git.kernel.org/stable/c/d7dbdbe3800a908eecd4975c31be47dd45e2104a https://git.kernel.org/stable/c/bb6cacc439ddd2cd51227ab193f4f91cf •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2023-52918 – media: pci: cx23885: check cx23885_vdev_init() return
https://notcve.org/view.php?id=CVE-2023-52918
In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL. • https://git.kernel.org/stable/c/8e31b096e2e1949bc8f0be019c9ae70d414404c6 https://git.kernel.org/stable/c/199a42fc4c45e8b7f19efeb15dbc36889a599ac2 https://git.kernel.org/stable/c/e7385510e2550a9f8b6f3d5f33c5b894ab9ba976 https://git.kernel.org/stable/c/a5f1d30c51c485cec7a7de60205667c3ff86c303 https://git.kernel.org/stable/c/06ee04a907d64ee3910fecedd05d7f1be4b1b70e https://git.kernel.org/stable/c/b1397fb4a779fca560c43d2acf6702d41b4a495b https://git.kernel.org/stable/c/15126b916e39b0cb67026b0af3c014bfeb1f76b3 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50065 – ntfs3: Change to non-blocking allocation in ntfs_d_hash
https://notcve.org/view.php?id=CVE-2024-50065
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Change to non-blocking allocation in ntfs_d_hash d_hash is done while under "rcu-walk" and should not sleep. __get_name() allocates using GFP_KERNEL, having the possibility to sleep when under memory pressure. Change the allocation to GFP_NOWAIT. • https://git.kernel.org/stable/c/58ebd50d22529f79d2497abbb006137a7c7f5336 https://git.kernel.org/stable/c/d392e85fd1e8d58e460c17ca7d0d5c157848d9c1 https://git.kernel.org/stable/c/2e83375fd95b81be0e9ca457cc7c3f23e3575768 https://git.kernel.org/stable/c/c556e72cea2a1131ae418be017dd6fc76fffe2fb https://git.kernel.org/stable/c/d0c710372e238510db08ea01e7b8bd81ed995dd6 https://git.kernel.org/stable/c/589996bf8c459deb5bbc9747d8f1c51658608103 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50064 – zram: free secondary algorithms names
https://notcve.org/view.php?id=CVE-2024-50064
In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [senozhatsky@chromium.org: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org • https://git.kernel.org/stable/c/001d9273570115b2eb360d5452bbc46f6cc063a1 https://git.kernel.org/stable/c/6272936fd242ca1f784c3e21596dfb3859dff276 https://git.kernel.org/stable/c/ef35cc0d15b89dd013e1bb829fe97db7b1ab79eb https://git.kernel.org/stable/c/684826f8271ad97580b138b9ffd462005e470b99 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50063 – bpf: Prevent tail call between progs attached to different hooks
https://notcve.org/view.php?id=CVE-2024-50063
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one kernel function tail calls prog attached to another kernel function, the ctx access or return value verification could be bypassed. For example, if prog1 is attached to func1 which takes only 1 parameter and prog2 is attached to func2 which takes two parameters. Since verifier assumes the bpf ctx passed to prog2 is constructed based on func2's prototype, verifier allows prog2 to access the second parameter from the bpf ctx passed to it. The problem is that verifier does not prevent prog1 from passing its bpf ctx to prog2 via tail call. In this case, the bpf ctx passed to prog2 is constructed from func1 instead of func2, that is, the assumption for ctx access verification is bypassed. Another example, if BPF LSM prog1 is attached to hook file_alloc_security, and BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. • https://git.kernel.org/stable/c/5d5e3b4cbe8ee16b7bf96fd73a421c92a9da3ca1 https://git.kernel.org/stable/c/88c2a10e6c176c2860cd0659f4c0e9d20b3f64d1 https://git.kernel.org/stable/c/28ead3eaabc16ecc907cfb71876da028080f6356 •