CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52910 – iommu/iova: Fix alloc iova overflows issue
https://notcve.org/view.php?id=CVE-2023-52910
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when iovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will overflow. As a result, if the retry logic is executed, low_pfn is updated to 0, and then new_pfn < low_pfn returns false to make the allocation successful. This issue occurs in the following two situations:... • https://git.kernel.org/stable/c/4e89dce725213d3d0b0475211b500eda4ef4bf2f •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52909 – nfsd: fix handling of cached open files in nfsd4_open codepath
https://notcve.org/view.php?id=CVE-2023-52909
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating a regular NFSv4 file") added the ability to cache an open fd over a compound. There are a couple of problems with the way this currently works: It's racy, as a newly-created nfsd_file can end up with its PENDING bit cleared while the nf is hashed, and the nf_file pointer is still zeroed out. Other tasks can find... • https://git.kernel.org/stable/c/fb70bf124b051d4ded4ce57511dfec6d3ebf2b43 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52907 – nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
https://notcve.org/view.php?id=CVE-2023-52907
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the skb data in pn533_send_async_complete() that is used as a transfer buffer of out_urb. Wait before sending in_urb until the callback of out_urb is called. To modify the callback of out_urb alone, separate the complete function of out_... • https://git.kernel.org/stable/c/c46ee38620a2aa2b25b16bc9738ace80dbff76a4 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52906 – net/sched: act_mpls: Fix warning during failed attribute validation
https://notcve.org/view.php?id=CVE-2023-52906
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to the comment above 'struct nla_policy': " Meaning of `validate' field, use via NLA_POLICY_VALIDATE_FN: NLA_BINARY Validation function called for the attribute. All other Unused - but note that it's a union " This can trigger t... • https://git.kernel.org/stable/c/2a2ea50870baa3fb4de0872c5b60828138654ca7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52905 – octeontx2-pf: Fix resource leakage in VF driver unbind
https://notcve.org/view.php?id=CVE-2023-52905
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. This patch fixes the issue. In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc ... • https://git.kernel.org/stable/c/2da48943274712fc3204089d9a97078350765635 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52903 – io_uring: lock overflowing for IOPOLL
https://notcve.org/view.php?id=CVE-2023-52903
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace: io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 io_req_cqe_overflow+0x5c/0x70 ... • https://git.kernel.org/stable/c/de77faee280163ff03b7ab64af6c9d779a43d4c4 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52902 – nommu: fix memory leak in do_mmap() error path
https://notcve.org/view.php?id=CVE-2023-52902
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_just_free" is taken. Fix this by moving the freeing of the maple tree nodes to a shared location for all error paths. In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_just_f... • https://git.kernel.org/stable/c/8220543df1489ef96c3d4e8b0b3b03c340e3943e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52901 – usb: xhci: Check endpoint is valid before dereferencing it
https://notcve.org/view.php?id=CVE-2023-52901
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint. Fix this by using xhci_get_virt_ep() helper to find the endpoint and checking if the endpoint is valid before dereferencing it. [233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead [... • https://git.kernel.org/stable/c/50e8725e7c429701e530439013f9681e1fa36b5d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52900 – nilfs2: fix general protection fault in nilfs_btree_insert()
https://notcve.org/view.php?id=CVE-2023-52900
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block address, it returns -ENOENT because conversion of the virtual block address to a disk block address fails. However, this return value is the same as the internal code that b-tree lookup routines return to indicate that the block being ... • https://git.kernel.org/stable/c/3c2a2ff67d46106715c2132021b98bd057c27545 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52899 – Add exception protection processing for vd in axi_chan_handle_err function
https://notcve.org/view.php?id=CVE-2023-52899
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will be triggered here in exceptional cases. You can refer to the processing of axi_chan_block_xfer_complete function The triggered kernel panic is as follows: [ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 [ 67.848447] Mem abort info: [ 67.848449] ESR = 0x96000004 ... • https://git.kernel.org/stable/c/f534dc438828cc3f1f8c6895b8bdfbef079521fb •