CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52510 – ieee802154: ca8210: Fix a potential UAF in ca8210_probe
https://notcve.org/view.php?id=CVE-2023-52510
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregi... • https://git.kernel.org/stable/c/ded845a781a578dfb0b5b2c138e5a067aa3b1242 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52509 – ravb: Fix use-after-free issue in ravb_tx_timeout_work()
https://notcve.org/view.php?id=CVE-2023-52509
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below: CPU0 CPU1 ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) // free priv ravb_tx_timeout_work() // use priv unregister_netdev() will call .ndo_stop() so that ravb_stop() is called. And, after phy_stop() is ca... • https://git.kernel.org/stable/c/c156633f1353264634135dea86ffcae74f2122fc •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52508 – nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
https://notcve.org/view.php?id=CVE-2023-52508
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation. Add validation of the request structure pointer before dereference. In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null... • https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52507 – nfc: nci: assert requested protocol is valid
https://notcve.org/view.php?id=CVE-2023-52507
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones. In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is u... • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52504 – x86/alternatives: Disable KASAN in apply_alternatives()
https://notcve.org/view.php?id=CVE-2023-52504
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disable KASAN in apply_alternatives() Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine: BUG: KASAN: out-of-bounds in rcu_is_watching() Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ... On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It... • https://git.kernel.org/stable/c/6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52502 – net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
https://notcve.org/view.php?id=CVE-2023-52502
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock. nfc_llcp_sock_get_sn() has a similar problem. Finally nfc_llcp_recv_snl() needs to make sure the socket found by nfc_llcp_sock_from_sn() does not disappear. In the Linux kernel, the following vul... • https://git.kernel.org/stable/c/8f50020ed9b81ba909ce9573f9d05263cdebf502 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52501 – ring-buffer: Do not attempt to read past "commit"
https://notcve.org/view.php?id=CVE-2023-52501
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed the case where the last event was at the very end of the page and has only 4 bytes left. The checks to detect the corruption by the writer to reads needs to see the length of the event. If the length in the first 4 by... • https://git.kernel.org/stable/c/cee5151c5410e868826b8afecfb356f3799ebea3 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52500 – scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command
https://notcve.org/view.php?id=CVE-2023-52500
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the response. In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the resp... • https://git.kernel.org/stable/c/2afd8fcee0c4d65a482e30c3ad2a92c25e5e92d4 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48628 – ceph: drop messages from MDS when unmounting
https://notcve.org/view.php?id=CVE-2022-48628
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the i_count will be released. Then it will flush the dirty cap/snap to MDSs, and the unmounting won't wait the possible acks, which will ihold the inodes when updating the metadata locally but makes no sense any more, of this. This will make the evict_inodes() to skip these inode... • https://git.kernel.org/stable/c/89744b64914426cbabceb3d8a149176b5dafdfb5 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48627 – vt: fix memory overlapping when deleting chars in the buffer
https://notcve.org/view.php?id=CVE-2022-48627
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not deterministi... • https://git.kernel.org/stable/c/81732c3b2fede049a692e58a7ceabb6d18ffb18c • CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •