CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48626 – moxart: fix potential use-after-free on remove path
https://notcve.org/view.php?id=CVE-2022-48626
25 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: moxart: corrige el posible use-after-free en la ruta de eliminación. Se informó que se podía acceder a la estructura del hos... • https://git.kernel.org/stable/c/f5dc193167591e88797262ec78515a0cbe79ff5f • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46904 – net: hso: fix null-ptr-deref during tty device unregistration
https://notcve.org/view.php?id=CVE-2021-46904
25 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_s... • https://git.kernel.org/stable/c/72dc1c096c7051a48ab1dbb12f71976656b55eb5 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26598 – KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
https://notcve.org/view.php?id=CVE-2024-26598
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the r... • https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52458 – block: add check that partition length needs to be aligned with block size
https://notcve.org/view.php?id=CVE-2023-52458
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block size of the disk is larger than 512 bytes, then the partition size maybe not the multiple of the logical block size, and when the last sector is read, bio_truncate() will adjust the bio size, resulting in an IO error i... • https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52449 – mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
https://notcve.org/view.php?id=CVE-2023-52449
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read(). ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_... • https://git.kernel.org/stable/c/2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52445 – media: pvrusb2: fix use after free on context disconnection
https://notcve.org/view.php?id=CVE-2023-52445
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack. En el... • https://git.kernel.org/stable/c/e5be15c63804e05b5a94197524023702a259e308 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52436 – f2fs: explicitly null-terminate the xattr list
https://notcve.org/view.php?id=CVE-2023-52436
20 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: termina explícitamente en nulo la lista xattr Al configurar un xattr, termina explícitamente en nulo la lista xattr. Esto elimina la frágil suposición de que el espacio xattr... • https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135 •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52434 – smb: client: fix potential OOBs in smb2_parse_contexts()
https://notcve.org/view.php?id=CVE-2023-52434
20 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU:... • https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52429
https://notcve.org/view.php?id=CVE-2023-52429
12 Feb 2024 — dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. dm_table_create en drivers/md/dm-table.c en el kernel de Linux hasta 6.7.4 puede intentar (en alloc_targets) asignar más de INT_MAX bytes y fallar debido a que falta una verificación de la estructura dm_ioctl.target_count. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25739 – kernel: crash due to a missing check for leb_size
https://notcve.org/view.php?id=CVE-2024-25739
12 Feb 2024 — create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. create_empty_lvol en drivers/mtd/ubi/vtbl.c en el kernel de Linux hasta 6.7.4 puede intentar asignar cero bytes y fallar debido a que falta una verificación de ubi->leb_size. A flaw was found in the Linux kernel. The create_empty_lvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB s... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9 • CWE-754: Improper Check for Unusual or Exceptional Conditions •