CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52730 – mmc: sdio: fix possible resource leaks in some error paths
https://notcve.org/view.php?id=CVE-2023-52730
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can not release the resources, because the sdio function is not presented in these two cases, it won't call of_node_put() or put_device(). To fix these leaks, make sdio_func_present() only control whether device_del() needs to be called or not, then always call of_node_put() and put_device(). In error case in sdio_init... • https://git.kernel.org/stable/c/3d10a1ba0d37c8f5fd5afcdda00613fbb8a90bf5 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52708 – mmc: mmc_spi: fix error handling in mmc_spi_probe()
https://notcve.org/view.php?id=CVE-2023-52708
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_spi: fix error handling in mmc_spi_probe() If mmc_add_host() fails, it doesn't need to call mmc_remove_host(), or it will cause null-ptr-deref, because of deleting a not added device in mmc_remove_host(). To fix this, goto label 'fail_glue_init', if mmc_add_host() fails, and change the label 'fail_add_host' to 'fail_gpiod_request'. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: mmc_spi: corrige el manejo de... • https://git.kernel.org/stable/c/15a0580ced081a0f7dc2deea8a4812bdc5e9a109 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52705 – nilfs2: fix underflow in second superblock position calculations
https://notcve.org/view.php?id=CVE-2023-52705
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix underflow in second superblock position calculations Macro NILFS_SB2_OFFSET_BYTES, which computes the position of the second superblock, underflows when the argument device size is less than 4096 bytes. Therefore, when using this macro, it is necessary to check in advance that the device size is not less than a lower limit, or at least that underflow does not occur. The current nilfs2 implementation lacks this check, causing out... • https://git.kernel.org/stable/c/2f7a1135b202977b82457adde7db6c390056863b •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52703 – net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
https://notcve.org/view.php?id=CVE-2023-52703
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is uninitialized when passing it to the first usb_bulk_msg error path. Jiri Pirko noted that it's pointless to pass it in the error path, and that the value that would be printed in the second error path would be the value of act_len from the first call to usb_bulk_msg.[1] With this in mind, let's just not pass act_len to... • https://git.kernel.org/stable/c/d40261236e8e278cb1936cb5e934262971692b10 • CWE-15: External Control of System or Configuration Setting •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52700 – tipc: fix kernel warning when sending SYN message
https://notcve.org/view.php?id=CVE-2023-52700
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630]
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48708 – pinctrl: single: fix potential NULL dereference
https://notcve.org/view.php?id=CVE-2022-48708
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcs_set_mux(). pinmux_generic_get_function() can return NULL and the pointer "function" was dereferenced without checking against NULL. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: single: corrige una posible desreferencia NULL. Se agregó la verificación de l... • https://git.kernel.org/stable/c/571aec4df5b72a80f80d1e524da8fbd7ff525c98 •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48706 – vdpa: ifcvf: Do proper cleanup if IFCVF init fails
https://notcve.org/view.php?id=CVE-2022-48706
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: vdpa: ifcvf: Do proper cleanup if IFCVF init fails ifcvf_mgmt_dev leaks memory if it is not freed before returning. Call is made to correct return statement so memory does not leak. ifcvf_init_hw does not take care of this so it is needed to do it here. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: vdpa: ifcvf: realice una limpieza adecuada si falla el inicio de IFCVF. ifcvf_mgmt_dev pierde memoria si no se libera antes de... • https://git.kernel.org/stable/c/5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47431 – drm/amdgpu: fix gart.bo pin_count leak
https://notcve.org/view.php?id=CVE-2021-47431
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gart.bo pin_count leak gmc_v{9,10}_0_gart_disable() isn't called matched with correspoding gart_enbale function in SRIOV case. This will lead to gart.bo pin_count leak on driver unload. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige la fuga de pin_count de gart.bo gmc_v{9,10}_0_gart_disable() no se llama y coincide con la función gart_enbale correspondiente en el caso SRIOV. Esto provocar... • https://git.kernel.org/stable/c/83d857d6b0967b6709cd38750c3ce2ed8ced1a95 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47425 – i2c: acpi: fix resource leak in reconfiguration device addition
https://notcve.org/view.php?id=CVE-2021-47425
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a reference on the adapter which is never released which will result in a reference count leak and render the adapter unremovable. Make sure to put the adapter after creating the client in the same manner that we do for OF. [wsa: fixed title] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i2c... • https://git.kernel.org/stable/c/525e6fabeae286848592363bda13bc34b59bb5ac •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47423 – drm/nouveau/debugfs: fix file release memory leak
https://notcve.org/view.php?id=CVE-2021-47423
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau/debugfs: corrige la pérdida de memoria de liberación de archivos. Cuando se usa single_open() para abrir, se debe llamar a single_release(); de lo contrario, se ejecutará la 'op' a... • https://git.kernel.org/stable/c/6e9fc177399f08446293fec7607913fdbc95e191 •