CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48776 – mtd: parsers: qcom: Fix missing free for pparts in cleanup
https://notcve.org/view.php?id=CVE-2022-48776
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak. In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for sm... • https://git.kernel.org/stable/c/10f3b4d79958d6f9f71588c6fa862159c83fa80f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48775 – Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
https://notcve.org/view.php?id=CVE-2022-48775
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix memory leak by calling kobject_put(). In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vm... • https://git.kernel.org/stable/c/c2e5df616e1ae6c2a074cb241ebb65a318ebaf7c •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48774 – dmaengine: ptdma: Fix the error handling path in pt_core_init()
https://notcve.org/view.php?id=CVE-2022-48774
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: Fix the error handling path in pt_core_init() In order to free resources correctly in the error handling path of pt_core_init(), 2 goto's have to be switched. Otherwise, some resources will leak and we will try to release things that have not been allocated yet. Also move a dev_err() to a place where it is more meaningful. In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: Fix the error h... • https://git.kernel.org/stable/c/fa5d823b16a9442d609617abeec31da8b6afa224 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48773 – xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
https://notcve.org/view.php?id=CVE-2022-48773
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create If there are failures then we must not leave the non-NULL pointers with the error value, otherwise `rpcrdma_ep_destroy` gets confused and tries free them, resulting in an Oops. In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create If there are failures then we must not leave the non-NULL pointers wi... • https://git.kernel.org/stable/c/1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0 • CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-52886 – USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
https://notcve.org/view.php?id=CVE-2023-52886
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Syzbot reported an out-of-bounds read in sysfs.c:read_descriptors(): BUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Read of size 8 at addr ffff88801e78b8c8 by task udevd/5011 CPU: 0 PID: 5011 Comm: udevd Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine... • https://git.kernel.org/stable/c/218925bfd5d1436e337c4f961e9c149fbe32de6d •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41008 – drm/amdgpu: change vm->task_info handling
https://notcve.org/view.php?id=CVE-2024-41008
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major changes are: - vm->task_info is a dynamically allocated ptr now, and its uasge is reference counted. - introducing two new helper funcs for task_info lifecycle management - amdgpu_vm_get_task_info: reference counts up task_info before returning this info - amdgpu_vm_put_task_info: reference counts down task_info - last ... • https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41007 – tcp: avoid too many retransmit packets
https://notcve.org/view.php?id=CVE-2024-41007
15 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_ti... • https://git.kernel.org/stable/c/b701a99e431db784714c32fc6b68123045714679 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52885 – SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
https://notcve.org/view.php?id=CVE-2023-52885
14 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed listener svc_sock in sk_user_data which cloning from parent. In the race window, if data is received on the newsock, we will observe use-after-free report in svc_tcp_listen_data_ready(). Reproduce by two tasks: 1. while :; do rpc.nfsd 0 ... • https://git.kernel.org/stable/c/fa9251afc33c81606d70cfe91800a779096442ec •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-41006 – netrom: Fix a memory leak in nr_heartbeat_expiry()
https://notcve.org/view.php?id=CVE-2024-41006
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nr_heartbeat_expiry() syzbot reported a memory leak in nr_create() [0]. Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the nr_heartbeat_expiry() function, where a) a socket has a SOCK_DESTROY flag or b) a listening socket has a SOCK_DEAD flag. But in the case "a," when the SOCK_DESTROY flag is set, the file descriptor has already been closed and the nr_release() fu... • https://git.kernel.org/stable/c/a31caf5779ace8fa98b0d454133808e082ee7a1b •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41005 – netpoll: Fix race condition in netpoll_owner_active
https://notcve.org/view.php?id=CVE-2024-41005
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)