CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52868 – thermal: core: prevent potential string overflow
https://notcve.org/view.php?id=CVE-2023-52868
In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: térmica: núcleo: evita un posible desbordamiento de cadenas. El valor dev->id proviene de ida_alloc(), por lo que es un número entre cero e INT_MAX. Si es demasiado alto, estos sprintf()s se desbordarán. • https://git.kernel.org/stable/c/203d3d4aa482339b4816f131f713e1b8ee37f6dd https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8 https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521 https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8 https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c722666 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52867 – drm/radeon: possible buffer overflow
https://notcve.org/view.php?id=CVE-2023-52867
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/radeon: posible desbordamiento del búfer. El búfer 'afmt_status' de tamaño 6 podría desbordarse, ya que el índice 'afmt_idx' se comprueba después del acceso. • https://git.kernel.org/stable/c/5cc4e5fc293bfe2634535f544427e8c6061492a5 https://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783 https://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f https://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783 https://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896 https://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94 https://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58 https://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52866 – HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks()
https://notcve.org/view.php?id=CVE-2023-52866
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and then the below user-memory-access bug occurs. In hid_test_uclogic_params_cleanup_event_hooks(),it call uclogic_params_ugee_v2_init_event_hooks() with the first arg=NULL, so when it calls uclogic_params_ugee_v2_has_battery(), the hid_get_drvdata() will access hdev->dev with hdev=NULL, which will cause below user-memory-access. So add a fake_device with quirks member and call hid_set_drvdata() to assign hdev->dev->driver_data which avoids the null-ptr-def bug for drvdata->quirks in uclogic_params_ugee_v2_has_battery(). After applying this patch, the below user-memory-access bug never occurs. general protection fault, probably for non-canonical address 0xdffffc0000000329: 0000 [#1] PREEMPT SMP KASAN KASAN: probably user-memory-access in range [0x0000000000001948-0x000000000000194f] CPU: 5 PID: 2189 Comm: kunit_try_catch Tainted: G B W N 6.6.0-rc2+ #30 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:uclogic_params_ugee_v2_init_event_hooks+0x87/0x600 Code: f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa c7 44 24 30 00 00 00 00 48 c7 44 24 28 02 f8 02 01 48 c1 ea 03 <80> 3c 02 00 0f 85 2c 04 00 00 48 8b 9d 48 19 00 00 48 b8 00 00 00 RSP: 0000:ffff88810679fc88 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000 RDX: 0000000000000329 RSI: ffff88810679fd88 RDI: 0000000000001948 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1020f639f0 R10: ffff888107b1cf87 R11: 0000000000000400 R12: 1ffff11020cf3f92 R13: ffff88810679fd88 R14: ffff888100b97b08 R15: ffff8881030bb080 FS: 0000000000000000(0000) GS:ffff888119e80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000005286001 CR4: 0000000000770ee0 DR0: ffffffff8fdd6cf4 DR1: ffffffff8fdd6cf5 DR2: ffffffff8fdd6cf6 DR3: ffffffff8fdd6cf7 DR6: 00000000fffe0ff0 DR7: 0000000000000600 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x3d/0xa0 ? exc_general_protection+0x144/0x220 ? asm_exc_general_protection+0x22/0x30 ? • https://git.kernel.org/stable/c/a251d6576d2a29fc0806ef4775719e3b6e672d91 https://git.kernel.org/stable/c/64da1f6147dac7f8499d4937a0d7ea990bf569e8 https://git.kernel.org/stable/c/6c8f953728d75104d994893f58801c457274335a https://git.kernel.org/stable/c/91cfe0bbaa1c434d4271eb6e1d7aaa1fe8d121f6 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52865 – clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
https://notcve.org/view.php?id=CVE-2023-52865
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: mediatek: clk-mt6797: Agregar verificación para mtk_alloc_clk_data Agregue la verificación para el valor de retorno de mtk_alloc_clk_data() para evitar la desreferencia al puntero NULL. • https://git.kernel.org/stable/c/96596aa06628e86ea0e1c08c34b0ccc7619e43ac https://git.kernel.org/stable/c/c26feedbc561f2a3cee1a4f717e61bdbdfb4fa92 https://git.kernel.org/stable/c/4c79cbfb8e9e2311be77182893fda5ea4068c836 https://git.kernel.org/stable/c/2705c5b97f504e831ae1935c05f0e44f80dfa6b3 https://git.kernel.org/stable/c/81b16286110728674dcf81137be0687c5055e7bf https://git.kernel.org/stable/c/3aefc6fcfbada57fac27f470602d5565e5b76cb4 https://git.kernel.org/stable/c/357df1c2f6ace96defd557fad709ed1f9f70e16c https://git.kernel.org/stable/c/be3f12f16038a558f08fa93cc32fa7157 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52864 – platform/x86: wmi: Fix opening of char device
https://notcve.org/view.php?id=CVE-2023-52864
In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that private_data will not be NULL when wmi_char_open() is called. This might cause memory corruption should wmi_char_open() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmi_free_devices(). Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using container_of(). This also avoids wmi_char_open() picking a wrong WMI device bound to a driver with the same name as the original driver. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: plataforma/x86: wmi: corrige la apertura del dispositivo char. Desde la confirmación fa1f68db6ca7 ("drivers: misc: pasar el puntero del dispositivo misc a través de datos privados del archivo"), el dispositivo misc almacena un puntero a sí mismo en su interior. filp->private_data, lo que significa que private_data no será NULL cuando se llame a wmi_char_open(). • https://git.kernel.org/stable/c/44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6 https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203 https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453 https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097 https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835e • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •