CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52595 – wifi: rt2x00: restart beacon queue when hardware reset
https://notcve.org/view.php?id=CVE-2023-52595
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. If we don't manually stop the beacon queue, the queue will be deadlocked and unable to start again. This patch fixes the issue where Apple devices cannot connect to the AP after calling ieee80211_restart_hw(). En el... • https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52594 – wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
https://notcve.org/view.php?id=CVE-2023-52594
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case. Found by a modified v... • https://git.kernel.org/stable/c/27876a29de221186c9d5883e5fe5f6da18ef9a45 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52591 – reiserfs: Avoid touching renamed directory if parent does not change
https://notcve.org/view.php?id=CVE-2023-52591
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if its parent does not change as without locking that can corrupt the filesystem. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: reiserfs: evite tocar el directorio renombrado si el padre no cambia. El VFS no bloquea... • https://git.kernel.org/stable/c/17e1361cb91dc1325834da95d2ab532959d2debc •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52590 – ocfs2: Avoid touching renamed directory if parent does not change
https://notcve.org/view.php?id=CVE-2023-52590
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its parent does not change as without locking that can corrupt the filesystem. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ocfs2: evite tocar el directorio renombrado si el padre no cambia. El VFS no bloqueará el direct... • https://git.kernel.org/stable/c/de940cede3c41624e2de27f805b490999f419df9 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52587 – IB/ipoib: Fix mcast list locking
https://notcve.org/view.php?id=CVE-2023-52587
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the `priv->lock` while iterating the `priv->multicast_list` in `ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to remove the items while in the middle of iteration. If the mcast is removed while the lock was dropped, the for loop spins forever resulting in a hard lockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel): Task A (kworker/u72:2 below) | Task B (kworker/u72:... • https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e4b7d1059d97a8334288d825 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52585 – drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
https://notcve.org/view.php?id=CVE-2023-52585
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige una posible desreferencia NULL en amdgpu_ras_query... • https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52583 – ceph: fix deadlock or deadcode of misusing dget()
https://notcve.org/view.php?id=CVE-2023-52583
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will always be set from the callers, let's just remove it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ceph: corrige el punto muerto o el código muerto por uso incorrecto de dget() El orden de blo... • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47083 – pinctrl: mediatek: fix global-out-of-bounds issue
https://notcve.org/view.php?id=CVE-2021-47083
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number, it maybe produce 'desc[eint_n]' size globle-out-of-bounds issue. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: pinctrl: mediatek: soluciona el problema global fuera de los límites Cuando el número eint virtual eint es mayor que el número gpio, puede producir un tamaño 'desc[eint_n]' globle-out- cuestión de fuera de ... • https://git.kernel.org/stable/c/f373298e1bf0c6ea097c0bcc558dc43ad53e421f •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47082 – tun: avoid double free in tun_free_netdev
https://notcve.org/view.php?id=CVE-2021-47082
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_netdevice(). ndo_init is paired with the desctructor (tun_free_netdev()), so if there's an error in register_netdevice() the destructor will handle the frees. BUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/... • https://git.kernel.org/stable/c/8eb43d635950e27c29f1e9e49a23b31637f37757 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52578 – net: bridge: use DEV_STATS_INC()
https://notcve.org/view.php?id=CVE-2023-52578
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEV_STATS_INC() to update dev->stats fields. Handles updates to dev->stats.tx_dropped while we are at it. [1] BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1: br_handle_fram... • https://git.kernel.org/stable/c/1c29fc4989bc2a3838b2837adc12b8aeb0feeede • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •