CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52876 – clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
https://notcve.org/view.php?id=CVE-2023-52876
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: mediatek: clk-mt7629-eth: Agregar verificación para mtk_alloc_clk_data. Agregue la verificación para el valor de retorno de mtk_alloc_clk_data() para evitar la desreferencia al puntero NULL. • https://git.kernel.org/stable/c/3b5e748615e714711220b2a95d19bd25a037db09 https://git.kernel.org/stable/c/cfa68e0ac5dcde43577adadf6f0f26f3b365ad68 https://git.kernel.org/stable/c/96e9544a0c4faca616b3f9f4034dcd83a14e7f22 https://git.kernel.org/stable/c/c4070ada5d5155c8d4d17ea64bd246949889f25b https://git.kernel.org/stable/c/a540ca0aeae83c2f3964bcb4e383f64ce2ec1783 https://git.kernel.org/stable/c/b20cfe007a46f8c165d42a05c50a8d3d893e6592 https://git.kernel.org/stable/c/1639072f6260babd017556e9f236ca2ad589d1e7 https://git.kernel.org/stable/c/0884393c63cc9a1772f7121a6645ba7bd •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52875 – clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
https://notcve.org/view.php?id=CVE-2023-52875
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: mediatek: clk-mt2701: Agregar verificación para mtk_alloc_clk_data. Agregue la verificación para el valor de retorno de mtk_alloc_clk_data() para evitar la desreferencia al puntero NULL. • https://git.kernel.org/stable/c/e9862118272aa528e35e54ef9f1e35c217870fd7 https://git.kernel.org/stable/c/6fccee2af400edaed9cf349d506c5971d4762739 https://git.kernel.org/stable/c/1953e62366da5460dc712e045f94fb0d8918999d https://git.kernel.org/stable/c/d1461f0c9ca0827c03730fe9652ebbf6316a2a95 https://git.kernel.org/stable/c/001e5def774fa1a8f2b29567c0b0cd3e3a859a96 https://git.kernel.org/stable/c/d1175cf4bd2b4c5f7c43f677ea1ce9ad2c18d055 https://git.kernel.org/stable/c/2a18dd653284550900b02107c3c7b3ac5e0eb802 https://git.kernel.org/stable/c/e61934720af4a58ffd43a63ffdd6f3a0b •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52874 – x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro
https://notcve.org/view.php?id=CVE-2023-52874
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro In the TDX_HYPERCALL asm, after the TDCALL instruction returns from the untrusted VMM, the registers that the TDX guest shares to the VMM need to be cleared to avoid speculative execution of VMM-provided values. RSI is specified in the bitmap of those registers, but it is missing when zeroing out those registers in the current TDX_HYPERCALL. It was there when it was originally added in commit 752d13305c78 ("x86/tdx: Expand __tdx_hypercall() to handle more arguments"), but was later removed in commit 1e70c680375a ("x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall()"), which was correct because %rsi is later restored in the "pop %rsi". However a later commit 7a3a401874be ("x86/tdx: Drop flags from __tdx_hypercall()") removed that "pop %rsi" but forgot to add the "xor %rsi, %rsi" back. Fix by adding it back. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/tdx: Ponga a cero el RSI que falta en la macro TDX_HYPERCALL. En el conjunto TDX_HYPERCALL, después de que la instrucción TDCALL regresa del VMM que no es de confianza, los registros que el invitado TDX comparte con el VMM necesitan debe borrarse para evitar la ejecución especulativa de los valores proporcionados por VMM. RSI se especifica en el mapa de bits de esos registros, pero falta al poner a cero esos registros en el TDX_HYPERCALL actual. • https://git.kernel.org/stable/c/7a3a401874bea02f568aa416ac29170d8cde0dc2 https://git.kernel.org/stable/c/2191950d35d8f81620ea8d4e04d983f664fe3a8a https://git.kernel.org/stable/c/de4c5bacca4f50233f1f791bec9eeb4dee1b14cd https://git.kernel.org/stable/c/5d092b66119d774853cc9308522620299048a662 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52873 – clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
https://notcve.org/view.php?id=CVE-2023-52873
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: mediatek: clk-mt6779: Agregar verificación para mtk_alloc_clk_data. Agregue la verificación para el valor de retorno de mtk_alloc_clk_data() para evitar la desreferencia al puntero NULL. • https://git.kernel.org/stable/c/710774e048614c761a39a98e8d0fa75f688c83b6 https://git.kernel.org/stable/c/fbe466f06d4ea18745da0d57540539b7b36936ae https://git.kernel.org/stable/c/3994387ba3564976731179c4d4a6d7850ddda71a https://git.kernel.org/stable/c/ca6d565a2319d69d9766e6ecbb5af827fc4afb2b https://git.kernel.org/stable/c/df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e https://git.kernel.org/stable/c/a90239551abc181687f8c0ba60b276f7d75c141e https://git.kernel.org/stable/c/f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b https://git.kernel.org/stable/c/1f57f78fbacf630430bf954e5a84caafd •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52872 – tty: n_gsm: fix race condition in status line change on dead connections
https://notcve.org/view.php?id=CVE-2023-52872
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data queues. This procedure, however, may cause subsequent changes of the virtual modem status lines of a DLCI. More data is being added the outgoing data queue and the deleted kick timer is restarted to handle this. At this point many resources have already been removed by the cleanup procedure. Thus, a kernel panic occurs. Fix this by proving in gsm_modem_update() that the cleanup procedure has not been started and the mux is still alive. Note that writing to a virtual tty is already protected by checks against the DLCI specific connection state. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: corrige la condición de ejecución en la línea de estado, cambia en conexiones inactivas gsm_cleanup_mux() limpia el gsm cerrando todos los DLCI, deteniendo todos los temporizadores, eliminando los dispositivos tty virtuales y limpiando el colas de datos. • https://git.kernel.org/stable/c/dd37f657387853623f20c1b2482afbb9cd8ece33 https://git.kernel.org/stable/c/c568f7086c6e771c77aad13d727c70ef70e07243 https://git.kernel.org/stable/c/d834aba5f30d9a6f98f4ca1eb07e501f1989331c https://git.kernel.org/stable/c/692e847a8e6607909c4a3f98ab16ccee7849bd11 https://git.kernel.org/stable/c/81a4dd5e6c78f5d8952fa8c9d36565db1fe01444 https://git.kernel.org/stable/c/df6cfab66ff2a44bd23ad5dd5309cb3421bb6593 https://git.kernel.org/stable/c/19d34b73234af542cc8a218cf398dee73cdb1890 https://git.kernel.org/stable/c/ce4df90333c4fe65acb8b5089fdfe9b95 •