CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48703 – thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
https://notcve.org/view.php?id=CVE-2022-48703
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO... • https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48702 – ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
https://notcve.org/view.php?id=CVE-2022-48702
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the newly allocated voices as if it never wrapped around. This results in out of bounds access if the first voice has a high enough index so that first_voice + requested_voice_count > NUM_G (64). The more voices are re... • https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48701 – ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
https://notcve.org/view.php?id=CVE-2022-48701
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: corrige un error fuera de los... • https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48699 – sched/debug: fix dentry leak in update_sched_domain_debugfs
https://notcve.org/view.php?id=CVE-2022-48699
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/debug: fix dentry leak in update_sched_domain_debugfs Kuyo reports that the pattern of using debugfs_remove(debugfs_lookup()) leaks a dentry and with a hotplug stress test, the machine eventually runs out of memory. Fix this up by using the newly created debugfs_lookup_and_remove() call instead which properly handles the dentry reference counting logic. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/debug: co... • https://git.kernel.org/stable/c/26e9a1ded8923510e5529fbb28390b22228700c2 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48698 – drm/amd/display: fix memory leak when using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2022-48698
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. Fix this up by properly calling dput(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: soluciona la pérdida de memoria al usar debugfs_lookup() Al llamar a debugfs_lookup(), el resultado debe tener llamado dput(); de lo contrario, l... • https://git.kernel.org/stable/c/58acd2ebae034db3bacf38708f508fbd12ae2e54 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48697 – nvmet: fix a use-after-free
https://notcve.org/view.php?id=CVE-2022-48697
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460 Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop] Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk_mq_compl... • https://git.kernel.org/stable/c/a07b4970f464f13640e28e16dad6cfa33647cc99 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48672 – of: fdt: fix off-by-one error in unflatten_dt_nodes()
https://notcve.org/view.php?id=CVE-2022-48672
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which makes it possible to overflow the nps[] buffer... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: de: fdt: corrige el error u... • https://git.kernel.org/stable/c/78c44d910d3e5f96dc6b3695fc1e4efd7c46a455 • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48670 – peci: cpu: Fix use-after-free in adev_release()
https://notcve.org/view.php?id=CVE-2022-48670
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release() When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, which causes refcount for device to be decremented and .release callback will be triggered. Because adev_release() re-calls auxiliary_device_uninit(), it will cause use-after-free: [ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15 [ 1269.464007] refcount_t: underflo... • https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27388 – SUNRPC: fix some memleaks in gssx_dec_option_array
https://notcve.org/view.php?id=CVE-2024-27388
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: SUNRPC: corrige algunas fugas de mem en gssx_dec_option_array Los creds y oa->data deben liberarse en las rutas de manejo de errores después de su asignación. Entonces ... • https://git.kernel.org/stable/c/1d658336b05f8697d6445834f8867f8ad5e4f735 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27078 – media: v4l2-tpg: fix some memleaks in tpg_alloc
https://notcve.org/view.php?id=CVE-2024-27078
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc return 0. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medio: v4l2-tpg: corrige algunas fugas de memoria en tpg_alloc En tpg_alloc, los recursos deben desasignarse... • https://git.kernel.org/stable/c/63881df94d3ecbb0deafa0b77da62ff2f32961c4 •