CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52484 – iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
https://notcve.org/view.php?id=CVE-2023-52484
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range When running an SVA case, the following soft lockup is triggered: -------------------------------------------------------------------- watchdog: BUG: soft lockup - CPU#244 stuck for 26s! pstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50 lr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50 sp : ffff8000d83ef290 x29:... • https://git.kernel.org/stable/c/f5a604757aa8e37ea9c7011dc9da54fa1b30f29b •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52482 – x86/srso: Add SRSO mitigation for Hygon processors
https://notcve.org/view.php?id=CVE-2023-52482
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: x86/srso: agregue mitigación SRSO para procesadores Hygon. Agregue mitigación para la vulnerabilidad de desbordamiento de pila de retorno especulativo que también existe en los procesadores Hygon. A vulnerability was fou... • https://git.kernel.org/stable/c/e7ea043bc3f19473561c08565047b3f1671bf35d • CWE-562: Return of Stack Variable Address •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52481 – arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
https://notcve.org/view.php?id=CVE-2023-52481
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load might leak data from a privileged load via a cache side channel. The issue only exists for loads within a translation regime with the same translation (e.g. same ASID and VMID). Therefore, the issue only affects the return to EL0. The... • https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52478 – HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
https://notcve.org/view.php?id=CVE-2023-52478
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs from a workqueue but it also runs on probe() and if a "device-connected" packet is received by the hw when the thread running hidpp_connect_event() from probe() is waiting on the hw, then a second thread running hidpp_connect_event() will... • https://git.kernel.org/stable/c/ca0c4cc1d215dc22ab0e738c9f017c650f3183f5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52477 – usb: hub: Guard against accesses to uninitialized BOS descriptors
https://notcve.org/view.php?id=CVE-2023-52477
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If usb_get_bos_descriptor() fails for whatever reason, udev->bos will be NULL and those accesses will result in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000018 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP ... • https://git.kernel.org/stable/c/c64e4dca9aefd232b17ac4c779b608b286654e81 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52476 – perf/x86/lbr: Filter vsyscall addresses
https://notcve.org/view.php?id=CVE-2023-52476
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur (most recent at top): __insn_get_emulate_prefix() insn_get_emulate_prefix() insn_get_prefixes() insn_get_opcode() decode_branch_type() get_branch_type() intel_pmu_lbr_filter() intel_pmu_handle_irq() perf_event_nmi_handler() Within __... • https://git.kernel.org/stable/c/403d201d1fd144cb249836dafb222f6375871c6c • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52475 – Input: powermate - fix use-after-free in powermate_config_complete
https://notcve.org/view.php?id=CVE-2023-52475
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug. Use usb_kill_urb() on pm->config to cancel any in-progress... • https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-46939 – tracing: Restructure trace_clock_global() to never block
https://notcve.org/view.php?id=CVE-2021-46939
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted from debugging that case: Call Trace: trace_clock_global+0x91/0xa0 __rb_reserve_next+0x237/0x460 ring_buffer_lock_reserve+0x12a/0x3f0 trace_buffer_lock_reserve+0x10/0x50 __trace_graph_return+0x1f/0x80 trace_graph_r... • https://git.kernel.org/stable/c/14131f2f98ac350ee9e73faed916d2238a8b6a0d • CWE-662: Improper Synchronization CWE-833: Deadlock •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46936 – net: fix use-after-free in tw_timer_handler
https://notcve.org/view.php?id=CVE-2021-46936
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fix use-after-free in tw_timer_handler A real world panic issue was found as follow in Linux 5.4. BUG: unable to handle page fault for address: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0 RIP: 0010:tw_timer_handler+0x20/0x40 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46932 – Input: appletouch - initialize work before device registration
https://notcve.org/view.php?id=CVE-2021-46932
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens _after_ input_register_device() call. So this patch moves dev->work initialization before registering input device En el kernel de Li... • https://git.kernel.org/stable/c/5a6eb676d3bc4d7a6feab200a92437b62ad298da • CWE-665: Improper Initialization •