CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27074 – media: go7007: fix a memleak in go7007_load_encoder
https://notcve.org/view.php?id=CVE-2024-27074
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> go7007_boot_encoder |-> go7007_load_encoder |-> kfree(go) go is freed and thus bounce is leaked. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: go7007: corrige una fuga de memoria en go7007_load_encoder En go7007_load_encoder, el rebote (es decir, go->boot_fw) se asigna sin una desasignación posterior. Después de la siguiente cadena de llamadas: saa7134_go7007_init |-> go7007_boot_encoder |-> go7007_load_encoder |-> kfree(go) go se libera y, por lo tanto, se filtra el rebote. • https://git.kernel.org/stable/c/95ef39403f890360a3e48fe550d8e8e5d088ad74 https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5 https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159 https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073 https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3 https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3 https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975 https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27073 – media: ttpci: fix two memleaks in budget_av_attach
https://notcve.org/view.php?id=CVE-2024-27073
In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two fixme comment refers to such deallocations. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: ttpci: corrige dos fugas de mem en Budget_av_attach Cuando fallan saa7146_register_device y saa7146_vv_init, Budget_av_attach debería liberar los recursos que asigna, como lo hace el manejo de errores de ttpci_budget_init. Además, hay dos comentarios fijos que se refieren a dichas desasignaciones. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016 https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0 https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06 https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63 https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27072 – media: usbtv: Remove useless locks in usbtv_video_free()
https://notcve.org/view.php?id=CVE-2024-27072
In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting while not streaming. [hverkuil: fix minor spelling mistake in log message] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: usbtv: Eliminar bloqueos inútiles en usbtv_video_free() Eliminar llamadas de bloqueos en usbtv_video_free() porque son inútiles y pueden provocar un punto muerto como se informa aquí: https://syzkaller.appspot .com/x/bisect.txt?x=166dc872180000 También elimine la llamada usbtv_stop() ya que se llamará al cancelar el registro del dispositivo. Antes de 'c838530d230b', este problema solo se notaba si se desconectaba mientras se transmitía y ahora se nota incluso cuando se desconecta mientras no se transmite. [hverkuil: corrige un error ortográfico menor en el mensaje de registro] • https://git.kernel.org/stable/c/f3d27f34fdd7701e499617d2c1d94480a98f6d07 https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2 https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52653 – SUNRPC: fix a memleak in gss_import_v2_context
https://notcve.org/view.php?id=CVE-2023-52653
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error. Thus, this patch reform the last call of gss_import_v2_context to the gss_krb5_import_ctx_v2, preventing the memleak while keepping the return formation. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: SUNRPC: corrige una fuga de memport en gss_import_v2_context El ctx->mech_used.data asignado por kmemdup no se libera ni en gss_import_v2_context ni solo en el llamador gss_krb5_import_sec_context, lo que libera a ctx en caso de error. Por lo tanto, este parche reforma la última llamada de gss_import_v2_context a gss_krb5_import_ctx_v2, evitando la fuga de memoria y manteniendo la formación de retorno. • https://git.kernel.org/stable/c/47d84807762966c3611c38adecec6ea703ddda7a https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4 https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822 https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa https://access.redhat.com/security/cve/CVE-2023-52653 https://bugzilla.redhat.com/show_bug.cgi?id=2278515 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52652 – NTB: fix possible name leak in ntb_register_device()
https://notcve.org/view.php?id=CVE-2023-52652
In the Linux kernel, the following vulnerability has been resolved: NTB: fix possible name leak in ntb_register_device() If device_register() fails in ntb_register_device(), the device name allocated by dev_set_name() should be freed. As per the comment in device_register(), callers should use put_device() to give up the reference in the error path. So fix this by calling put_device() in the error path so that the name can be freed in kobject_cleanup(). As a result of this, put_device() in the error path of ntb_register_device() is removed and the actual error is returned. [mani: reworded commit message] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NTB: corrige una posible fuga de nombre en ntb_register_device() Si device_register() falla en ntb_register_device(), se debe liberar el nombre del dispositivo asignado por dev_set_name(). Según el comentario en device_register(), las personas que llaman deben usar put_device() para abandonar la referencia en la ruta de error. Así que solucione este problema llamando a put_device() en la ruta del error para que el nombre pueda liberarse en kobject_cleanup(). • https://git.kernel.org/stable/c/a1bd3baeb2f18b2b3d0f98ce5fdaa725149b950b https://git.kernel.org/stable/c/a62b9f3d7bbfac874cc0c638bc1776dcf1f8ec06 https://git.kernel.org/stable/c/6632a54ac8057cc0b0d789c6f73883e871bcd25c https://git.kernel.org/stable/c/a039690d323221eb5865f1f31db3ec264e7a14b6 https://git.kernel.org/stable/c/e8025439ef8e16029dc313d78a351ef192469b7b https://git.kernel.org/stable/c/913421f9f7fd8324dcc41753d0f28b52e177ef04 https://git.kernel.org/stable/c/aebfdfe39b9327a3077d0df8db3beb3160c9bdd0 •