CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52905 – octeontx2-pf: Fix resource leakage in VF driver unbind
https://notcve.org/view.php?id=CVE-2023-52905
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. This patch fixes the issue. In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc ... • https://git.kernel.org/stable/c/2da48943274712fc3204089d9a97078350765635 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52904 – ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
https://notcve.org/view.php?id=CVE-2023-52904
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth... • https://git.kernel.org/stable/c/bfd36b1d1869859af7ba94dc95ec05e74f40d0b7 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52903 – io_uring: lock overflowing for IOPOLL
https://notcve.org/view.php?id=CVE-2023-52903
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace: io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 io_req_cqe_overflow+0x5c/0x70 ... • https://git.kernel.org/stable/c/de77faee280163ff03b7ab64af6c9d779a43d4c4 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52902 – nommu: fix memory leak in do_mmap() error path
https://notcve.org/view.php?id=CVE-2023-52902
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_just_free" is taken. Fix this by moving the freeing of the maple tree nodes to a shared location for all error paths. In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_just_f... • https://git.kernel.org/stable/c/8220543df1489ef96c3d4e8b0b3b03c340e3943e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52901 – usb: xhci: Check endpoint is valid before dereferencing it
https://notcve.org/view.php?id=CVE-2023-52901
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint. Fix this by using xhci_get_virt_ep() helper to find the endpoint and checking if the endpoint is valid before dereferencing it. [233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead [... • https://git.kernel.org/stable/c/50e8725e7c429701e530439013f9681e1fa36b5d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52900 – nilfs2: fix general protection fault in nilfs_btree_insert()
https://notcve.org/view.php?id=CVE-2023-52900
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block address, it returns -ENOENT because conversion of the virtual block address to a disk block address fails. However, this return value is the same as the internal code that b-tree lookup routines return to indicate that the block being ... • https://git.kernel.org/stable/c/3c2a2ff67d46106715c2132021b98bd057c27545 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52899 – Add exception protection processing for vd in axi_chan_handle_err function
https://notcve.org/view.php?id=CVE-2023-52899
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will be triggered here in exceptional cases. You can refer to the processing of axi_chan_block_xfer_complete function The triggered kernel panic is as follows: [ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 [ 67.848447] Mem abort info: [ 67.848449] ESR = 0x96000004 ... • https://git.kernel.org/stable/c/f534dc438828cc3f1f8c6895b8bdfbef079521fb •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52898 – xhci: Fix null pointer dereference when host dies
https://notcve.org/view.php?id=CVE-2023-52898
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev() which frees the xhci->devs[slot_id] virt device at the same time that xhci_kill_endpoint_urbs() tries to loop through all the device's endpoints, checking if there are any cancelled urbs left to give back. hold the xhci spinlock whi... • https://git.kernel.org/stable/c/6fac4b5cecb3928a0a81069aaa815a2edc8dd5a1 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52897 – btrfs: qgroup: do not warn on record without old_roots populated
https://notcve.org/view.php?id=CVE-2023-52897
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: do not warn on record without old_roots populated [BUG] There are some reports from the mailing list that since v6.1 kernel, the WARN_ON() inside btrfs_qgroup_account_extent() gets triggered during rescan: WARNING: CPU: 3 PID: 6424 at fs/btrfs/qgroup.c:2756 btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs] CPU: 3 PID: 6424 Comm: snapperd Tainted: P OE 6.1.2-1-default #1 openSUSE Tumbleweed 05c7a1b1b61d5627475528f71f50444637b5a... • https://git.kernel.org/stable/c/e15e9f43c7ca25603fcf4c20d44ec777726f1034 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52896 – btrfs: fix race between quota rescan and disable leading to NULL pointer deref
https://notcve.org/view.php?id=CVE-2023-52896
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while another one is trying to disable quotas, we can end up hitting a race that results in the quota rescan worker doing a NULL pointer dereference. The steps for this are the following: 1) Quotas are enabled; 2) Task A calls the quota rescan ioctl and enters btrfs_qgroup_rescan(). It calls qgroup_resca... • https://git.kernel.org/stable/c/26b3901d20bf9da2c6a00cb1fb48932166f80a45 •