CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48903 – btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()
https://notcve.org/view.php?id=CVE-2022-48903
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace: [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_group+0x2dc/0x340 [btrfs] [38.973556] CPU: 20 PID: 2105 Comm: btrfs Not tainted 5.17.0-rc4 #54 [38.974580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/... • https://git.kernel.org/stable/c/d0c2f4fa555e70324ec2a129b822ab58f172cc62 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48902 – btrfs: do not WARN_ON() if we have PageError set
https://notcve.org/view.php?id=CVE-2022-48902
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to complain loudly if we're operating on an non-uptodate page. Our overnight tests caught this warning earlier this week WARNING: CPU: 1 PID: 553508 at fs/btrfs/extent_io.c:6849 assert_eb_page_uptodate+0x3f/0x50 CPU: 1 PID: 553508 Comm: kworker/u4:13 Tainted: G W 5.17.0-rc3+ #564 Hardware name: QEMU Standard PC (Q35... • https://git.kernel.org/stable/c/e00077aa439f0e8f416699fa4e9600db6583db70 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48901 – btrfs: do not start relocation until in progress drops are done
https://notcve.org/view.php?id=CVE-2022-48901
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into snapshot delete with balance running at the same time. This presented as an error while looking up an extent item WARNING: CPU: 5 PID: 1501 at fs/btrfs/extent-tree.c:866 lookup_inline_extent_backref+0x647/0x680 CPU: 5 PID: 1501 Comm: b... • https://git.kernel.org/stable/c/6599d5e8bd758d897fd2ef4dc388ae50278b1f7e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-4441 – spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
https://notcve.org/view.php?id=CVE-2021-4441
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kzalloc(). Fix this bug by adding a check of tmpbuf. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and con... • https://git.kernel.org/stable/c/67dca5e580f1e93a66177389981541cac208c817 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52914 – io_uring/poll: add hash if ready poll request can't complete inline
https://notcve.org/view.php?id=CVE-2023-52914
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to a request leak. This will eventually stall the ring exit process as well. In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to a request leak. This will eventual... • https://git.kernel.org/stable/c/49f1c68e048f1706b71c8255faf8110113d1cc48 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52913 – drm/i915: Fix potential context UAFs
https://notcve.org/view.php?id=CVE-2023-52913
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, and which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr after this. And we need to ensure that adding the ctx to the xarray is the *last* thing that gem_context_register() does with the ctx pointer. [tursulin: Stable and fixes tags add/tidy.] (cherry picked from comm... • https://git.kernel.org/stable/c/eb4dedae920a07c485328af3da2202ec5184fb17 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52912 – drm/amdgpu: Fixed bug on error when unloading amdgpu
https://notcve.org/view.php?id=CVE-2023-52912
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: [ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278! [ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1 [ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021 [ 377.706238] RIP: 0010:drm_bud... • https://git.kernel.org/stable/c/9196eb7c52e55749a332974f0081f77d53d60199 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52911 – drm/msm: another fix for the headless Adreno GPU
https://notcve.org/view.php?id=CVE-2023-52911
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode (e.g. iMX platforms). Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read [00000000] *pgd=74936831, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] ARM CPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11 Hardware name: Freescale i.MX53 ... • https://git.kernel.org/stable/c/0a58d2ae572adaec8d046f8d35b40c2c32ac7468 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52910 – iommu/iova: Fix alloc iova overflows issue
https://notcve.org/view.php?id=CVE-2023-52910
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when iovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will overflow. As a result, if the retry logic is executed, low_pfn is updated to 0, and then new_pfn < low_pfn returns false to make the allocation successful. This issue occurs in the following two situations:... • https://git.kernel.org/stable/c/4e89dce725213d3d0b0475211b500eda4ef4bf2f •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52909 – nfsd: fix handling of cached open files in nfsd4_open codepath
https://notcve.org/view.php?id=CVE-2023-52909
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating a regular NFSv4 file") added the ability to cache an open fd over a compound. There are a couple of problems with the way this currently works: It's racy, as a newly-created nfsd_file can end up with its PENDING bit cleared while the nf is hashed, and the nf_file pointer is still zeroed out. Other tasks can find... • https://git.kernel.org/stable/c/fb70bf124b051d4ded4ce57511dfec6d3ebf2b43 •