CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-52530 – wifi: mac80211: fix potential key use-after-free
https://notcve.org/view.php?id=CVE-2023-52530
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by... • https://git.kernel.org/stable/c/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52528 – net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
https://notcve.org/view.php?id=CVE-2023-52528
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline] BUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482 CPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0 Hardware name: Google... • https://git.kernel.org/stable/c/d0cad871703b898a442e4049c532ec39168e5b57 • CWE-252: Unchecked Return Value •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52527 – ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
https://notcve.org/view.php?id=CVE-2023-52527
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) when appending to an IPv4 or IPv6 packet as we don't want to repeat the transport header or account for it twice. This can happen under some circumstances, such as splicing into an L2TP socket. The symptom observed is a warning in __ip6... • https://git.kernel.org/stable/c/a32e0eec7042b21ccb52896cf715e3e2641fed93 •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52525 – wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
https://notcve.org/view.php?id=CVE-2023-52525
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without rfc1042 headers. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mwifiex: corrige la condición de verificación de oob en mwifiex_process_rx_packet Solo omita la ruta del código al intentar acceder a los encabezad... • https://git.kernel.org/stable/c/f517c97fc129995de77dd06aa5a74f909ebf568f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52522 – net: fix possible store tearing in neigh_periodic_work()
https://notcve.org/view.php?id=CVE-2023-52522
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fix possible store tearing in neigh_periodic_work() While looking at a related syzbot report involving neigh_periodic_work(), I found that I forgot to add an annotation when deleting an RCU protected item from a list. Readers use rcu_deference(*np), we need to use either rcu_assign_pointer() or WRITE_ONCE() on writer side to prevent store tearing. I use rcu_assign_pointer() to have lockdep support, this was the choice made in neigh_flu... • https://git.kernel.org/stable/c/767e97e1e0db0d0f3152cd2f3bd3403596aedbad • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52517 – spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
https://notcve.org/view.php?id=CVE-2023-52517
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain Previously the transfer complete IRQ immediately drained to RX FIFO to read any data remaining in FIFO to the RX buffer. This behaviour is correct when dealing with SPI in interrupt mode. However in DMA mode the transfer complete interrupt still fires as soon as all bytes to be transferred have been stored in the FIFO. At that point data in the FIFO still needs to be ... • https://git.kernel.org/stable/c/bd1ec7f9983b5cd3c77e0f7cda3fa8aed041af2f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52516 – dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
https://notcve.org/view.php?id=CVE-2023-52516
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock __dma_entry_alloc_check_leak() calls into printk -> serial console output (qcom geni) and grabs port->lock under free_entries_lock spin lock, which is a reverse locking dependency chain as qcom_geni IRQ handler can call into dma-debug code and grab free_entries_lock under port->lock. Move __dma_entry_alloc_check_leak() call out of free_entries_lock scope so that we... • https://git.kernel.org/stable/c/c79300599923daaa30f417c75555d5566b3d31ae •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-52515 – RDMA/srp: Do not call scsi_done() from srp_abort()
https://notcve.org/view.php?id=CVE-2023-52515
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsi_done() from srp_abort() After scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler callback, it performs one of the following actions: * Call scsi_queue_insert(). * Call scsi_finish_command(). * Call scsi_eh_scmd_add(). Hence, SCSI abort handlers must not call scsi_done(). Otherwise all the above actions would trigger a use-after-free. Hence remove the scsi_done() call from srp_abort(). Keep the srp_fr... • https://git.kernel.org/stable/c/d8536670916a685df116b5c2cb256573fd25e4e3 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52513 – RDMA/siw: Fix connection failure handling
https://notcve.org/view.php?id=CVE-2023-52513
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. This special case was not handled correctly by the code handling the later TCP socket close, causing a NULL dereference crash in siw_cm_work_handler() when dereferencing a NULL listener. We now also cancel the useless MPA timeout, if immediate MPA request processing f... • https://git.kernel.org/stable/c/6c52fdc244b5ccc468006fd65a504d4ee33743c7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52511 – spi: sun6i: reduce DMA RX transfer width to single byte
https://notcve.org/view.php?id=CVE-2023-52511
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: reduce DMA RX transfer width to single byte Through empirical testing it has been determined that sometimes RX SPI transfers with DMA enabled return corrupted data. This is down to single or even multiple bytes lost during DMA transfer from SPI peripheral to memory. It seems the RX FIFO within the SPI peripheral can become confused when performing bus read accesses wider than a single byte to it during an active SPI transfer. Th... • https://git.kernel.org/stable/c/ff05ed4ae214011464a0156f05cac1b0b46b5fbc •