CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2024-36015 – ppdev: Add an error check in register_device
https://notcve.org/view.php?id=CVE-2024-36015
In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_get. When the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ppdev: agregue una verificación de errores en Register_device. En Register_device, el valor de retorno de ida_simple_get no está marcado, por lo que ida_simple_get usará un valor de índice no válido. Para solucionar este problema, se debe verificar el índice después de ida_simple_get. • https://git.kernel.org/stable/c/9a69645dde1188723d80745c1bc6ee9af2cbe2a7 https://git.kernel.org/stable/c/9c2b46e720d5b083268ca0131f513a90696f3a82 https://git.kernel.org/stable/c/762602796be626cbb6b3a6573e00b9ee7db00c97 https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299e https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9 https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68b https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152a https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36014 – drm/arm/malidp: fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-36014
In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/arm/malidp: corrige una posible desreferencia del puntero nulo En malidp_mw_connector_reset, se asigna nueva memoria con kzalloc, pero no se realiza ninguna verificación. Para evitar la desreferenciación del puntero nulo, asegúrese de que mw_state esté marcado antes de llamar a __drm_atomic_helper_connector_reset. • https://git.kernel.org/stable/c/8cbc5caf36ef7a299b5cbedf55f27fd898d700bf https://git.kernel.org/stable/c/b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818 https://git.kernel.org/stable/c/565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c https://git.kernel.org/stable/c/a5fa5b40a278a3ca978fed64707bd27614adb1eb https://git.kernel.org/stable/c/3e54d4e95120641216dfe91a6c49f116a9f68490 https://git.kernel.org/stable/c/e4b52d49383306ef73fd1bd9102538beebb0fe07 https://git.kernel.org/stable/c/335cc45ef2b81b68be63c698b4f867a530bdf7a5 https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52880 – tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
https://notcve.org/view.php?id=CVE-2023-52880
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: requiere CAP_NET_ADMIN para adjuntar el ldisc N_GSM0710. Cualquier usuario sin privilegios puede adjuntar el ldisc N_GSM0710, pero de todos modos requiere CAP_NET_ADMIN para crear una red GSM. Requiere el espacio de nombres inicial CAP_NET_ADMIN para hacer eso. • https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58 https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167 https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024&# • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36013 – Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
https://notcve.org/view.php?id=CVE-2024-36013
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: corrige slab-use-after-free en l2cap_connect() Amplia una sección crítica para evitar que chan se libere anticipadamente. También anule el tipo de retorno l2cap_connect(). Nada utiliza el valor devuelto, pero es feo devolver un puntero potencialmente liberado. • https://git.kernel.org/stable/c/73ffa904b78287f6acf8797e040150aa26a4af4a https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5 https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6 https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658 http://www.openwall.com/lists/oss-security/2024/05/30/1 http://www.openwall.com/lists/oss-security/2024/05/30/2 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36012 – Bluetooth: msft: fix slab-use-after-free in msft_do_close()
https://notcve.org/view.php?id=CVE-2024-36012
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed. [free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed. ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: msft: corrija slab-use-after-free en msft_do_close() Vinculando la vida útil de msft->data a hdev liberándolo en hci_release_dev() para solucionar el siguiente caso: [usar] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- aprobado. devolver; mutex_lock(&msft->filter_lock); ...(4) <- usado después de liberado. [gratis] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) klibre(msft); ...(3) <- se libera msft. ==================================================== ================ ERROR: KASAN: slab-use-after-free en __mutex_lock_common kernel/locking/mutex.c:587 [en línea] ERROR: KASAN: slab-use-after -free en __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Lectura de tamaño 8 en addr ffff888106cbbca8 por tarea kworker/u5:2/309 • https://git.kernel.org/stable/c/bf6a4e30ffbd9e9ef8934582feb937f6532f8b68 https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76 https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940 https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56 https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac •