CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52893 – gsmi: fix null-deref in gsmi_get_variable
https://notcve.org/view.php?id=CVE-2023-52893
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new get_variable call with attr=NULL, which triggers panic in gsmi. In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetchin... • https://git.kernel.org/stable/c/74c5b31c6618f01079212332b2e5f6c42f2d6307 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48899 – drm/virtio: Fix GEM handle creation UAF
https://notcve.org/view.php?id=CVE-2022-48899
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done *after* we are done dereferencing the object. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UA... • https://git.kernel.org/stable/c/62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48898 – drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer
https://notcve.org/view.php?id=CVE-2022-48898
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller, HPDstatus, Controller state changes and Aux read/write transaction. At every irq, DP controller have to check isr status of every interrupt sources and service the interrupt if its isr status bits shows interrupts are pending. There is potential race condition may happen at current aux isr hand... • https://git.kernel.org/stable/c/c943b4948b5848fc0e07f875edbd35a973879e22 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48897 – arm64/mm: fix incorrect file_map_count for invalid pmd
https://notcve.org/view.php?id=CVE-2022-48897
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for invalid pmd The page table check trigger BUG_ON() unexpectedly when split hugepage: ------------[ cut here ]------------ kernel BUG at mm/page_table_check.c:119! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 7 PID: 210 Comm: transhuge-stres Not tainted 6.1.0-rc3+ #748 Hardware name: linux,dummy-virt (DT) pstate: 20000005 (... • https://git.kernel.org/stable/c/42b2547137f5c974bb1bfd657c869fe96b96d86f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48896 – ixgbe: fix pci device refcount leak
https://notcve.org/view.php?id=CVE-2022-48896
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). In ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(), pci_dev_put() is called to avoid leak. In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak... • https://git.kernel.org/stable/c/8fa10ef01260937eb540b4e9bbc3efa023595993 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48893 – drm/i915/gt: Cleanup partial engine discovery failures
https://notcve.org/view.php?id=CVE-2022-48893
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleanup partial engine discovery failures If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully setup and some not. Those incompletely setup engines only have 'engine->release == NULL' and so will leak any of the common objects allocated. v2: - Drop the destroy_pinned_context() helper for now. It's not really worth it with just a single callsite at the moment. (Janusz) In the Linux k... • https://git.kernel.org/stable/c/5c855bcc730656c4b7d30aaddcd0eafc7003e112 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48892 – sched/core: Fix use-after-free bug in dup_user_cpus_ptr()
https://notcve.org/view.php?id=CVE-2022-48892
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr() Since commit 07ec77a1d4e8 ("sched: Allow task CPU affinity to be restricted on asymmetric systems"), the setting and clearing of user_cpus_ptr are done under pi_lock for arm64 architecture. However, dup_user_cpus_ptr() accesses user_cpus_ptr without any lock protection. Since sched_setaffinity() can be invoked from another process, the process being modified may be undergoing fork() ... • https://git.kernel.org/stable/c/07ec77a1d4e82526e1588979fff2f024f8e96df2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48891 – regulator: da9211: Use irq handler when ready
https://notcve.org/view.php?id=CVE-2022-48891
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: regulator: da9211: Use irq handler when ready If the system does not come from reset (like when it is kexec()), the regulator might have an IRQ waiting for us. If we enable the IRQ handler before its structures are ready, we crash. This patch fixes: [ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078 [ 1.316096] Call trace: [ 1.316101] blocking_notifier_call_chain+0x20/0xa8 [ 1.322757] cpu cpu... • https://git.kernel.org/stable/c/1c1afcb8839b91c09d211ea304faa269763b1f91 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48890 – scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
https://notcve.org/view.php?id=CVE-2022-48890
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in storvsc_do_io(), the I/O is typically retried by higher level code, but the bounce buffer memory is never freed. The mostly like cause of I/O submission failure is a full VMBus channel ring buffer, which is not un... • https://git.kernel.org/stable/c/743b237c3a7b0f5b44aa704aae8a1058877b6322 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48889 – ASoC: Intel: sof-nau8825: fix module alias overflow
https://notcve.org/view.php?id=CVE-2022-48889
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof-nau8825: fix module alias overflow The maximum name length for a platform_device_id entry is 20 characters including the trailing NUL byte. The sof_nau8825.c file exceeds that, which causes an obscure error message: sound/soc/intel/boards/snd-soc-sof_nau8825.mod.c:35:45: error: illegal character encoding in string literal [-Werror,-Winvalid-source-encoding] MODULE_ALIAS("platform:adl_max98373_nau8825