CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35847 – irqchip/gic-v3-its: Prevent double free on error
https://notcve.org/view.php?id=CVE-2024-35847
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again. Fix this by unconditionally invoki... • https://git.kernel.org/stable/c/7d75bbb4bc1ad90386776459d37e4ddfe605671e •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35843 – iommu/vt-d: Use device rbtree in iopf reporting path
https://notcve.org/view.php?id=CVE-2024-35843
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by calling pci_get_domain_bus_and_slot(). This function searches the list of all PCI devices until the desired device is found. To improve lookup efficiency, replace it with device_rbtree_find() to search the device within the probed device rbtree. The I/O page fault is initiated by the device, which does not have any sy... • https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35839 – netfilter: bridge: replace physindev with physinif in nf_bridge_info
https://notcve.org/view.php?id=CVE-2024-35839
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism... • https://git.kernel.org/stable/c/c4e70a87d975d1f561a00abfe2d3cefa2a486c95 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52698 – calipso: fix memory leak in netlbl_calipso_add_pass()
https://notcve.org/view.php?id=CVE-2023-52698
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> netlbl_calipso_ops_register() function isn't called, and the netlbl_calipso_ops_get() function always returns NULL. In this case, the netlbl_calipso_add_pass() function allocates memory for the doi_def variable but doesn't free it with the calipso_doi_free(). BUG: memory leak unreferenced object 0xffff888011d6818... • https://git.kernel.org/stable/c/cb72d38211eacda2dd90b09540542b6582da614e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52693 – ACPI: video: check for error while searching for backlight device parent
https://notcve.org/view.php?id=CVE-2023-52693
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_get_parent), this can lead to incorrect (uninitialized) acpi_parent handle being passed to acpi_get_pci_dev() for detecting the parent pci device. Check acpi_get_parent() result and set parent device only in case of success. Found by ... • https://git.kernel.org/stable/c/9661e92c10a9775243c1ecb73373528ed8725a10 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52691 – drm/amd/pm: fix a double-free in si_dpm_init
https://notcve.org/view.php?id=CVE-2023-52691
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the control flow returns to si_dpm_sw_init, it goes to label dpm_failed and calls si_dpm_fini, which calls amdgpu_free_extended_power_table again and free those fields again. Thus a double-free is triggered. En el kernel de L... • https://git.kernel.org/stable/c/841686df9f7d2942cfd94d024b8591fa3f74ef7c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52686 – powerpc/powernv: Add a null pointer check in opal_event_init()
https://notcve.org/view.php?id=CVE-2023-52686
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: añadir una verificación de puntero nulo en opal_event_init() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/2717a33d60745f2f72e521cdaedf79b00f66f8ca •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52683 – ACPI: LPIT: Avoid u32 multiplication overflow
https://notcve.org/view.php?id=CVE-2023-52683
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ACPI: LPIT: Evitar desbordamiento de multiplicación u32 En lpit_update_residency() existe la posibi... • https://git.kernel.org/stable/c/eeb2d80d502af28e5660ff4bbe00f90ceb82c2db •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52679 – of: Fix double free in of_parse_phandle_with_args_map
https://notcve.org/view.php?id=CVE-2023-52679
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigne... • https://git.kernel.org/stable/c/bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52676 – bpf: Guard stack limits against 32bit overflow
https://notcve.org/view.php?id=CVE-2023-52676
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in wh... • https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2 •