CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36012 – Bluetooth: msft: fix slab-use-after-free in msft_do_close()
https://notcve.org/view.php?id=CVE-2024-36012
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed. [free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed. ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: msft: corrija slab-use-after-free en msft_do_close() Vinculando la vida útil de msft->data a hdev liberándolo en hci_release_dev() para solucionar el siguiente caso: [usar] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- aprobado. devolver; mutex_lock(&msft->filter_lock); ...(4) <- usado después de liberado. [gratis] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) klibre(msft); ...(3) <- se libera msft. ==================================================== ================ ERROR: KASAN: slab-use-after-free en __mutex_lock_common kernel/locking/mutex.c:587 [en línea] ERROR: KASAN: slab-use-after -free en __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Lectura de tamaño 8 en addr ffff888106cbbca8 por tarea kworker/u5:2/309 • https://git.kernel.org/stable/c/bf6a4e30ffbd9e9ef8934582feb937f6532f8b68 https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76 https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940 https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56 https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36011 – Bluetooth: HCI: Fix potential null-ptr-deref
https://notcve.org/view.php?id=CVE-2024-36011
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: HCI: Reparar potencial null-ptr-deref Reparar potencial null-ptr-deref en hci_le_big_sync_establecido_evt(). • https://git.kernel.org/stable/c/f777d88278170410b06a1f6633f3b9375a4ddd6b https://git.kernel.org/stable/c/970aaee1d264ff8b6907005f47b8724ad45f1e48 https://git.kernel.org/stable/c/993fffbcc6164a9b9b6446f21f3caa649e3c7346 https://git.kernel.org/stable/c/1f7ebb69c1d65732bcac2fda9d15421f76f01e81 https://git.kernel.org/stable/c/9f3be61f55d4eedc20eedc56c0f04a5ce2b4a55a https://git.kernel.org/stable/c/d2706004a1b8b526592e823d7e52551b518a7941 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36010 – igb: Fix string truncation warnings in igb_set_fw_version
https://notcve.org/view.php?id=CVE-2024-36010
In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation warnings in igb_set_fw_version Commit 1978d3ead82c ("intel: fix string truncation warnings") fixes '-Wformat-truncation=' warnings in igb_main.c by using kasprintf. drivers/net/ethernet/intel/igb/igb_main.c:3092:53: warning:‘%d’ directive output may be truncated writing between 1 and 5 bytes into a region of size between 1 and 13 [-Wformat-truncation=] 3092 | "%d.%d, 0x%08x, %d.%d.%d", | ^~ drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive argument in the range [0, 65535] 3092 | "%d.%d, 0x%08x, %d. • https://git.kernel.org/stable/c/1978d3ead82c8e39d739dd4e19b1ea7bf923dfb4 https://git.kernel.org/stable/c/c56d055893cbe97848611855d1c97d0ab171eccc https://access.redhat.com/security/cve/CVE-2024-36010 https://bugzilla.redhat.com/show_bug.cgi?id=2282950 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52879 – tracing: Have trace_event_file have ref counters
https://notcve.org/view.php?id=CVE-2023-52879
In the Linux kernel, the following vulnerability has been resolved: tracing: Have trace_event_file have ref counters The following can crash the kernel: # cd /sys/kernel/tracing # echo 'p:sched schedule' > kprobe_events # exec 5>>events/kprobes/sched/enable # > kprobe_events # exec 5>&- The above commands: 1. Change directory to the tracefs directory 2. Create a kprobe event (doesn't matter what one) 3. Open bash file descriptor 5 on the enable file of the kprobe event 4. Delete the kprobe event (removes the files too) 5. • https://git.kernel.org/stable/c/e6807c873d8791ae5a5186ad05ec66cab926539a https://git.kernel.org/stable/c/407bf1c140f0757706c0b28604bcc90837d45ce2 https://git.kernel.org/stable/c/fa6d449e4d024d8c17f4288e0567d28ace69415c https://git.kernel.org/stable/c/a46bf337a20f9edd3c8041b025639842280d0575 https://git.kernel.org/stable/c/9beec04370132a7a6cd1aa9897f6fffc6262ff28 https://git.kernel.org/stable/c/f5ca233e2e66dc1c249bf07eefa37e34a6c9346a https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cf •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52878 – can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds
https://notcve.org/view.php?id=CVE-2023-52878
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message and return with an error. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: dev: can_put_echo_skb(): no bloquee el kernel si se accede a can_priv::echo_skb fuera de los límites. Si se accede a "struct can_priv::echoo_skb" fuera de los límites, esto provocaría un fallo del kernel. En su lugar, emita un mensaje de advertencia significativo y regrese con un error. • https://git.kernel.org/stable/c/a6e4bc5304033e434fabccabb230b8e9ff55d76f https://git.kernel.org/stable/c/826120c9ba68f2d0dbae58e99013929c883d1444 https://git.kernel.org/stable/c/0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4 https://git.kernel.org/stable/c/53c468008a7c9ca3f5fc985951f35ec2acae85bc https://git.kernel.org/stable/c/8ab67da060157362b2e0926692c659808784708f https://git.kernel.org/stable/c/6411959c10fe917288cbb1038886999148560057 https://access.redhat.com/security/cve/CVE-2023-52878 https://bugzilla.redhat.com/show_bug.cgi?id=2282680 • CWE-125: Out-of-bounds Read •