CVE-2023-52804 – fs/jfs: Add validity check for db_maxag and db_agpref
https://notcve.org/view.php?id=CVE-2023-52804
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add validity check for db_maxag and db_agpref Both db_maxag and db_agpref are used as the index of the db_agfree array, but there is currently no validity check for db_maxag and db_agpref, which can lead to errors. The following is related bug reported by Syzbot: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20 index 7936 is out of range for type 'atomic_t[128]' Add checking that the values of db_maxag and db_agpref are valid indexes for the db_agfree array. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fs/jfs: agregue verificación de validez para db_maxag y db_agpref. Tanto db_maxag como db_agpref se utilizan como índice de la matriz db_agfree, pero actualmente no hay verificación de validez para db_maxag y db_agpref, lo cual puede dar lugar a errores. El siguiente es un error relacionado reportado por Syzbot: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20 el índice 7936 está fuera de rango para el tipo 'atomic_t[128]' Agregue verificando que el Los valores de db_maxag y db_agpref son índices válidos para la matriz db_agfree. • https://git.kernel.org/stable/c/a0649e2dd4a3595b5595a29d0064d047c2fae2fb https://git.kernel.org/stable/c/ce15b0f1a431168f07b1cc6c9f71206a2db5c809 https://git.kernel.org/stable/c/32bd8f1cbcf8b663e29dd1f908ba3a129541a11b https://git.kernel.org/stable/c/c6c8863fb3f57700ab583d875adda04caaf2278a https://git.kernel.org/stable/c/1f74d336990f37703a8eee77153463d65b67f70e https://git.kernel.org/stable/c/5013f8269887642cca784adc8db9b5f0b771533f https://git.kernel.org/stable/c/dca403bb035a565bb98ecc1dda5d30f676feda40 https://git.kernel.org/stable/c/2323de34a3ae61a9f9b544c18583f71ce •
CVE-2023-52799 – jfs: fix array-index-out-of-bounds in dbFindLeaf
https://notcve.org/view.php?id=CVE-2023-52799
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp->dm_stree. To add the required check for out of bound we first need to determine the type of dmtree. Thus added an extra parameter to dbFindLeaf so that the type of tree can be determined and the required check can be applied. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: jfs: corrige el índice de matriz fuera de los límites en dbFindLeaf. Actualmente, mientras se busca dmtree_t para suficientes bloques libres, hay una matriz fuera de los límites al obtener el elemento en tp->dm_stree . • https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859 https://git.kernel.org/stable/c/86df90f3fea7c5591f05c8a0010871d435e83046 https://git.kernel.org/stable/c/ecfb47f13b08b02cf28b7b50d4941eefa21954d2 https://git.kernel.org/stable/c/81aa58cd8495b8c3b527f58ccbe19478d8087f61 https://git.kernel.org/stable/c/da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9 https://git.kernel.org/stable/c/a50b796d36719757526ee094c703378895ab5e67 https://git.kernel.org/stable/c/88b7894a8f8705bf4e7ea90b10229376abf14514 https://git.kernel.org/stable/c/87c681ab49e99039ff2dd3e7185241738 •
CVE-2023-52789 – tty: vcc: Add check for kstrdup() in vcc_probe()
https://notcve.org/view.php?id=CVE-2023-52789
In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup() in vcc_probe() Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: vcc: Agregar verificación para kstrdup() en vcc_probe(). Agregar verificación para el valor de retorno de kstrdup() y devolver el error, si falla, para evitar la desreferencia de puntero NULL . • https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3 https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200 https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06 https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2 https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9 https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2a •
CVE-2023-52766 – i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
https://notcve.org/view.php?id=CVE-2023-52766
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access will occur from rings->headers[i] access when i >= number of allocated ring headers. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i3c: mipi-i3c-hci: corrige el acceso fuera de los límites en hci_dma_irq_handler. No realice bucles sobre encabezados de anillo en hci_dma_irq_handler() que no estén asignados y habilitados en hci_dma_init(). De lo contrario, el acceso fuera de los límites se producirá desde el acceso de anillos->encabezados[i] cuando i >= número de encabezados de anillo asignados. • https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df https://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b https://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6 https://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65 https://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574 •
CVE-2023-52764 – media: gspca: cpia1: shift-out-of-bounds in set_flicker
https://notcve.org/view.php?id=CVE-2023-52764
In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the value of the variable "sd->params.exposure.gain" exceeds the number of bits in an integer, a shift-out-of-bounds error is reported. It is triggered because the variable "currentexp" cannot be left-shifted by more than the number of bits in an integer. In order to avoid invalid range during left-shift, the conditional expression is added. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: media: gspca: cpia1: desplazamiento fuera de los límites en set_flicker. Syzkaller informó el siguiente problema: UBSAN: desplazamiento fuera de los límites en drivers/media/usb/gspca /cpia1.c:1031:27 el exponente de desplazamiento 245 es demasiado grande para el tipo 'int' de 32 bits. • https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060 https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26 https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177 https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809 https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c21 • CWE-125: Out-of-bounds Read •