CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52799 – jfs: fix array-index-out-of-bounds in dbFindLeaf
https://notcve.org/view.php?id=CVE-2023-52799
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp->dm_stree. To add the required check for out of bound we first need to determine the type of dmtree. Thus added an extra parameter to dbFindLeaf so that the type of tree can be determined and the required check can be applied. En el kernel de Linux, se resolvió la sigu... • https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52798 – wifi: ath11k: fix dfs radar event locking
https://notcve.org/view.php?id=CVE-2023-52798
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix dfs radar event locking The ath11k active pdevs are protected by RCU but the DFS radar event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: ath11k: corrige el bloqueo de ev... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52797 – drivers: perf: Check find_first_bit() return value
https://notcve.org/view.php?id=CVE-2023-52797
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Check find_first_bit() return value We must check the return value of find_first_bit() before using the return value as an index array since it happens to overflow the array and then panic: [ 107.318430] Kernel BUG [#1] [ 107.319434] CPU: 3 PID: 1238 Comm: kill Tainted: G E 6.6.0-rc6ubuntu-defconfig #2 [ 107.319465] Hardware name: riscv-virtio,qemu (DT) [ 107.319551] epc : pmu_sbi_ovf_handler+0x3a4/0x3ae [ 107.319840] ra : pm... • https://git.kernel.org/stable/c/4905ec2fb7e6421c14c9fb7276f5aa92f60f2b98 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52796 – ipvlan: add ipvlan_route_v6_outbound() helper
https://notcve.org/view.php?id=CVE-2023-52796
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound() helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlan_process_v6_outbound() by moving the flowi6 struct used for the route lookup in an non inlined helper. ipvlan_route_v6_outbound() needs 120 bytes on the stack, immediately reclaimed. Also make sure ipvlan_process_v4_outbound() is not inlined. We might also have to lower MAX_NEST_DEV, because on... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 • CWE-121: Stack-based Buffer Overflow •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52791 – i2c: core: Run atomic i2c xfer when !preemptible
https://notcve.org/view.php?id=CVE-2023-52791
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the DMA). panic() calls preempt_disable_notrace() before calling emergency_restart(). Therefore, if an i2c device is used for the restart, the xfer should be atomic. This avoids warnings like: [ 12.667612] WARNING: CP... • https://git.kernel.org/stable/c/bae1d3a05a8b99bd748168bbf8155a1d047c562e • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52789 – tty: vcc: Add check for kstrdup() in vcc_probe()
https://notcve.org/view.php?id=CVE-2023-52789
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup() in vcc_probe() Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: vcc: Agregar verificación para kstrdup() en vcc_probe(). Agregar verificación para el valor de retorno de kstrdup() y devolver el error, si falla, para evitar la desreferencia de puntero NULL . In the ... • https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52788 – i915/perf: Fix NULL deref bugs with drm_dbg() calls
https://notcve.org/view.php?id=CVE-2023-52788
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i915/perf: Fix NULL deref bugs with drm_dbg() calls When i915 perf interface is not available dereferencing it will lead to NULL dereferences. As returning -ENOTSUPP is pretty clear return when perf interface is not available. [tursulin: added stable tag] (cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i915/perf: corrige errores de desreferencia NULL con... • https://git.kernel.org/stable/c/9b344cf6aea0a69c00e19efdc6e02c6d5aae1a23 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52787 – blk-mq: make sure active queue usage is held for bio_integrity_prep()
https://notcve.org/view.php?id=CVE-2023-52787
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep() blk_integrity_unregister() can come if queue usage counter isn't held for one bio with integrity prepared, so this request may be completed with calling profile->complete_fn, then kernel panic. Another constraint is that bio_integrity_prep() needs to be called before bio merge. Fix the issue by: - call bio_integrity_prep() with one queue usage counter grabbed reliably - c... • https://git.kernel.org/stable/c/900e080752025f0016128f07c9ed4c50eba3654b •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52784 – bonding: stop the device in bond_setup_by_slave()
https://notcve.org/view.php?id=CVE-2023-52784
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. In the following splat [1], the issue is that a lapbether device has been created on a bonding device without members. Then adding a non ARPHRD_ETHER member forced the bonding master to change its type. The fix is to make sure we call dev_close() in bond_setup_b... • https://git.kernel.org/stable/c/872254dd6b1f80cb95ee9e2e22980888533fc293 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2023-52781 – usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
https://notcve.org/view.php?id=CVE-2023-52781
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usb_get_bos_descriptor()' encounters an iteration issue when skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in the same descriptor being read repeatedly. To address this issue, a 'goto' statement is introduced to ensure that the ... • https://git.kernel.org/stable/c/3dd550a2d36596a1b0ee7955da3b611c031d3873 • CWE-20: Improper Input Validation •