CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52703 – net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
https://notcve.org/view.php?id=CVE-2023-52703
In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is uninitialized when passing it to the first usb_bulk_msg error path. Jiri Pirko noted that it's pointless to pass it in the error path, and that the value that would be printed in the second error path would be the value of act_len from the first call to usb_bulk_msg.[1] With this in mind, let's just not pass act_len to the usb_bulk_msg error paths. 1: https://lore.kernel.org/lkml/Y9pY61y1nwTuzMOa@nanopsycho/ En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/usb: kalmia: No pasar act_len en la ruta de error usb_bulk_msg syzbot informó que act_len en kalmia_send_init_packet() no está inicializado al pasarlo a la primera ruta de error usb_bulk_msg. Jiri Pirko señaló que no tiene sentido pasarlo en la ruta de error y que el valor que se imprimiría en la segunda ruta de error sería el valor de act_len de la primera llamada a usb_bulk_msg.[1] Con esto en mente, simplemente no pasemos act_len a las rutas de error usb_bulk_msg. 1: https://lore.kernel.org/lkml/Y9pY61y1nwTuzMOa@nanopsycho/ • https://git.kernel.org/stable/c/d40261236e8e278cb1936cb5e934262971692b10 https://git.kernel.org/stable/c/1b5de7d44890b78519acbcc80d8d1f23ff2872e5 https://git.kernel.org/stable/c/723ef7b66f37c0841f5a451ccbce47ee1641e081 https://git.kernel.org/stable/c/a753352622b4f3c0219e0e9c73114b2848ae6042 https://git.kernel.org/stable/c/525bdcb0838d19d918c7786151ee14661967a030 https://git.kernel.org/stable/c/338f826d3afead6e4df521f7972a4bef04a72efb https://git.kernel.org/stable/c/02df3170c04a8356cd571ab9155a42f030190abc https://git.kernel.org/stable/c/c68f345b7c425b38656e1791a0486769a • CWE-15: External Control of System or Configuration Setting •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52700 – tipc: fix kernel warning when sending SYN message
https://notcve.org/view.php?id=CVE-2023-52700
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] <TASK> [ 13.398630] ? __alloc_skb+0xed/0x1a0 [ 13.398630] tipc_msg_build+0x12c/0x670 [tipc] [ 13.398630] ? shmem_add_to_page_cache.isra.71+0x151/0x290 [ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc] [ 13.398630] ? tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __local_bh_enable_ip+0x37/0x80 [ 13.398630] tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? • https://git.kernel.org/stable/c/f25dcc7687d42a72de18aa41b04990a24c9e77c7 https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32 https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc https://access.redhat.com/security/cve/CVE-2023-52700 https://bugzilla.redhat.com/show_bug.cgi?id=2282609 • CWE-20: Improper Input Validation •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48708 – pinctrl: single: fix potential NULL dereference
https://notcve.org/view.php?id=CVE-2022-48708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcs_set_mux(). pinmux_generic_get_function() can return NULL and the pointer "function" was dereferenced without checking against NULL. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: single: corrige una posible desreferencia NULL. Se agregó la verificación de la "función" del puntero en pcs_set_mux(). pinmux_generic_get_function() puede devolver NULL y se eliminó la referencia al puntero "función" sin compararlo con NULL. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/571aec4df5b72a80f80d1e524da8fbd7ff525c98 https://git.kernel.org/stable/c/1177bdafe87cbe543a2dc48a9bbac265aa5864db https://git.kernel.org/stable/c/e671e63587c92b3fd767cf82e73129f6d5feeb33 https://git.kernel.org/stable/c/2b763f7de108cb1a5ad5ed08e617d677341947cb https://git.kernel.org/stable/c/6e2a0521e4e84a2698f2da3950fb5c5496a4d208 https://git.kernel.org/stable/c/71668706fbe7d20e6f172fa3287fa8aac1b56c26 https://git.kernel.org/stable/c/bcc487001a15f71f103d102cba4ac8145d7a68f2 https://git.kernel.org/stable/c/d2d73e6d4822140445ad4a7b1c6091e0f •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48706 – vdpa: ifcvf: Do proper cleanup if IFCVF init fails
https://notcve.org/view.php?id=CVE-2022-48706
In the Linux kernel, the following vulnerability has been resolved: vdpa: ifcvf: Do proper cleanup if IFCVF init fails ifcvf_mgmt_dev leaks memory if it is not freed before returning. Call is made to correct return statement so memory does not leak. ifcvf_init_hw does not take care of this so it is needed to do it here. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: vdpa: ifcvf: realice una limpieza adecuada si falla el inicio de IFCVF. ifcvf_mgmt_dev pierde memoria si no se libera antes de regresar. Se realiza una llamada para corregir la declaración de devolución para que no se pierda memoria. ifcvf_init_hw no se encarga de esto, por lo que es necesario hacerlo aquí. • https://git.kernel.org/stable/c/5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e https://git.kernel.org/stable/c/6b04456e248761cf68f562f2fd7c04e591fcac94 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47431 – drm/amdgpu: fix gart.bo pin_count leak
https://notcve.org/view.php?id=CVE-2021-47431
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gart.bo pin_count leak gmc_v{9,10}_0_gart_disable() isn't called matched with correspoding gart_enbale function in SRIOV case. This will lead to gart.bo pin_count leak on driver unload. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige la fuga de pin_count de gart.bo gmc_v{9,10}_0_gart_disable() no se llama y coincide con la función gart_enbale correspondiente en el caso SRIOV. Esto provocará una pérdida de pin_count de gart.bo al descargar el controlador. • https://git.kernel.org/stable/c/83d857d6b0967b6709cd38750c3ce2ed8ced1a95 https://git.kernel.org/stable/c/621ddffb70db824eabd63d18ac635180fe9500f9 https://git.kernel.org/stable/c/18d1c5ea3798ba42cfa0f8b2264d873463facb03 https://git.kernel.org/stable/c/66805763a97f8f7bdf742fc0851d85c02ed9411f •