CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27043 – media: edia: dvbdev: fix a use-after-free
https://notcve.org/view.php?id=CVE-2024-27043
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: edia: dvbdev: corregir un use-after-free En dvb_register_device, *pdvbdev se establece igual a dvbdev, que se libera en varias rutas de manejo de errores. • https://git.kernel.org/stable/c/b61901024776b25ce7b8edc31bb1757c7382a88e https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856 https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086 https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644 https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712 https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62 https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27037 – clk: zynq: Prevent null pointer dereference caused by kmalloc failure
https://notcve.org/view.php?id=CVE-2024-27037
In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf() to write data to the null address, the null pointer dereference bug will happen. This patch uses a stack variable to replace the kmalloc(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: zynq: evita la desreferencia del puntero nulo causada por una falla de kmalloc. El kmalloc() en zynq_clk_setup() devolverá nulo si la memoria física se ha agotado. Como resultado, si usamos snprintf() para escribir datos en la dirección nula, se producirá el error de desreferencia del puntero nulo. • https://git.kernel.org/stable/c/0ee52b157b8ed88550ddd6291e54bb4bfabde364 https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85 https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8 https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52650 – drm/tegra: dsi: Add missing check for of_find_device_by_node
https://notcve.org/view.php?id=CVE-2023-52650
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/tegra: dsi: Agregar verificación faltante para of_find_device_by_node Agregue verificación para el valor de retorno de of_find_device_by_node() y devuelva el error si falla para evitar la desreferencia al puntero NULL. • https://git.kernel.org/stable/c/e94236cde4d519cdecd45e2435defba33abdc99f https://git.kernel.org/stable/c/47a13d0b9d8527518639ab5c39667f69d6203e80 https://git.kernel.org/stable/c/f05631a8525c3b5e5994ecb1304d2d878956c0f5 https://git.kernel.org/stable/c/92003981a6df5dc84af8a5904f8ee112fa324129 https://git.kernel.org/stable/c/93128052bf832359531c3c0a9e3567b2b8682a2d https://git.kernel.org/stable/c/50c0ad785a780c72a2fdaba10b38c645ffb4eae6 https://git.kernel.org/stable/c/52aa507148c4aad41436e2005d742ffcafad9976 https://git.kernel.org/stable/c/c5d2342d24ef6e08fc90a529fe3dc59de •
CVSS: -EPSS: 0%CPEs: 12EXPL: 0CVE-2024-27024 – net/rds: fix WARNING in rds_conn_connect_if_down
https://notcve.org/view.php?id=CVE-2024-27024
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection after get_mr(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/rds: solucione la ADVERTENCIA en rds_conn_connect_if_down Si la conexión aún no se ha establecido, get_mr() fallará, activará la conexión después de get_mr(). • https://git.kernel.org/stable/c/584a8279a44a800dea5a5c1e9d53a002e03016b4 https://git.kernel.org/stable/c/952835ccd917682ebb705f89ff1e56fbf068a1d8 https://git.kernel.org/stable/c/783941bd9f445a37c2854ec0b4cb9f9e603193a7 https://git.kernel.org/stable/c/57d2ce1603101ce3f30d0ccdc35b98af08d2ed88 https://git.kernel.org/stable/c/5ba1957f889f575f2a240eafe543c3fda5aa72e0 https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4 https://git.kernel.org/stable/c/997efea2bf3a4adb96c306b9ad6a91442237bf5b https://git.kernel.org/stable/c/9dfc15a10dfd44f8ff7f27488651cb5be •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27020 – netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
https://notcve.org/view.php?id=CVE-2024-27020
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get(). Therefore, there is potential data-race of nf_tables_expressions list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_expressions list in __nft_expr_type_get(), and use rcu_read_lock() in the caller nft_expr_type_get() to protect the entire type query process. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: corrige una posible ejecución de datos en __nft_expr_type_get() nft_unregister_expr() puede concurrente con __nft_expr_type_get(), y no hay ninguna protección cuando se itera sobre la lista nf_tables_expressions en __nft_expr_type_get() . Por lo tanto, existe una posible ejecución de datos en la entrada de la lista nf_tables_expressions. Utilice list_for_each_entry_rcu() para iterar sobre la lista nf_tables_expressions en __nft_expr_type_get() y utilice rcu_read_lock() en el llamador nft_expr_type_get() para proteger todo el proceso de consulta de tipos. • https://git.kernel.org/stable/c/ef1f7df9170dbd875ce198ba84e6ab80f6fc139e https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05 https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907 https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5 https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •