CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48710 – drm/radeon: fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2022-48710
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. The failure status of drm_cvt_mode() on the other path is checked too. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: corrige una posible desreferencia del puntero null. En radeon_fp_native_mode(), el valor de retorno de drm_mode_duplicate() se asigna al modo, lo que conducirá a una desreferencia del puntero NULL en caso de falla de drm_mode_duplicate(). Agregue una marca para evitar npd. • https://git.kernel.org/stable/c/b33f7d99c9226892c7794dc2500fae35966020c9 https://git.kernel.org/stable/c/16a0f0b63c4c7eb46fc4c3f00bf2836e6ee46a9f https://git.kernel.org/stable/c/8a89bfeef9abe93371e3ea8796377f2d132eee29 https://git.kernel.org/stable/c/28fd384c78d7d8ed8af0d086d778c3e438ba7f60 https://git.kernel.org/stable/c/fee8ae0a0bb66eb7730c22f44fbd7203f63c2eab https://git.kernel.org/stable/c/7b7fba107b2c4ec7673d0f45bdbb9d1af697d9b9 https://git.kernel.org/stable/c/e938d24f0b7392e142b8aa434f18590d99dbe479 https://git.kernel.org/stable/c/140d9807b96e1303f6f2675a7ae8710a2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47432 – lib/generic-radix-tree.c: Don't overflow in peek()
https://notcve.org/view.php?id=CVE-2021-47432
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: lib/generic-radix-tree.c: No se desborda en peek() Cuando comenzamos a distribuir nuevos números de inodos en la mayor parte del espacio de inodos de 64 bits, eso activó algunas esquinas. errores de casos, en particular algunos desbordamientos de enteros relacionados con el código del árbol de base. Ups. • https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437 https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0 https://access.redhat.com/security/cve/CVE-2021-47432 https://bugzilla.redhat.com/show_bug.cgi?id=2282366 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52747 – IB/hfi1: Restore allocated resources on failed copyout
https://notcve.org/view.php?id=CVE-2023-52747
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Restore allocated resources on failed copyout Fix a resource leak if an error occurs. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: IB/hfi1: restaurar los recursos asignados en caso de copia fallida. Reparar una fuga de recursos si se produce un error. • https://git.kernel.org/stable/c/f404ca4c7ea8e650ba09ba87c71c7a89c865d5be https://git.kernel.org/stable/c/00d9e212b8a39e6ffcf31b9d2e503d2bf6009d45 https://git.kernel.org/stable/c/7896accedf5bf1277d2f305718e36dc8bac7e321 https://git.kernel.org/stable/c/79b595d9591426156a9e0635a5b5115508a36fef https://git.kernel.org/stable/c/9bae58d58b6bb73b572356b31a62d2afc7378d12 https://git.kernel.org/stable/c/0a4f811f2e5d07bbd0c9226f4afb0a1270a831ae https://git.kernel.org/stable/c/6601fc0d15ffc20654e39486f9bef35567106d68 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52746 – xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
https://notcve.org/view.php?id=CVE-2023-52746
In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm/compat: previene el posible gadget spectre v1 en xfrm_xlate32_attr() int type = nla_type(nla); if (tipo > XFRMA_MAX) { return -EOPNOTSUPP; } @type luego se usa como índice de matriz y se puede usar como un gadget Spectre v1. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() se puede utilizar para evitar la filtración de contenido de la memoria del kernel a usuarios malintencionados. • https://git.kernel.org/stable/c/5106f4a8acff480e244300bc5097c0ad7048c3a2 https://git.kernel.org/stable/c/a893cc644812728e86e9aff517fd5698812ecef0 https://git.kernel.org/stable/c/5dc688fae6b7be9dbbf5304a3d2520d038e06db5 https://git.kernel.org/stable/c/419674224390fca298020fc0751a20812f84b12d https://git.kernel.org/stable/c/b6ee896385380aa621102e8ea402ba12db1cabff •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52745 – IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
https://notcve.org/view.php?id=CVE-2023-52745
In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to a crash when traffic is sent over the PKEY interface due to the parent having a single queue but the child having multiple queues. This patch fixes the number of queues to 1 for legacy IPoIB at the earliest possible point in time. BUG: kernel NULL pointer dereference, address: 000000000000036b PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 4 PID: 209665 Comm: python3 Not tainted 6.1.0_for_upstream_min_debug_2022_12_12_17_02 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:kmem_cache_alloc+0xcb/0x450 Code: ce 7e 49 8b 50 08 49 83 78 10 00 4d 8b 28 0f 84 cb 02 00 00 4d 85 ed 0f 84 c2 02 00 00 41 8b 44 24 28 48 8d 4a 01 49 8b 3c 24 <49> 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 b8 41 8b RSP: 0018:ffff88822acbbab8 EFLAGS: 00010202 RAX: 0000000000000070 RBX: ffff8881c28e3e00 RCX: 00000000064f8dae RDX: 00000000064f8dad RSI: 0000000000000a20 RDI: 0000000000030d00 RBP: 0000000000000a20 R08: ffff8882f5d30d00 R09: ffff888104032f40 R10: ffff88810fade828 R11: 736f6d6570736575 R12: ffff88810081c000 R13: 00000000000002fb R14: ffffffff817fc865 R15: 0000000000000000 FS: 00007f9324ff9700(0000) GS:ffff8882f5d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000036b CR3: 00000001125af004 CR4: 0000000000370ea0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_clone+0x55/0xd0 ip6_finish_output2+0x3fe/0x690 ip6_finish_output+0xfa/0x310 ip6_send_skb+0x1e/0x60 udp_v6_send_skb+0x1e5/0x420 udpv6_sendmsg+0xb3c/0xe60 ? ip_mc_finish_output+0x180/0x180 ? __switch_to_asm+0x3a/0x60 ? __switch_to_asm+0x34/0x60 sock_sendmsg+0x33/0x40 __sys_sendto+0x103/0x160 ? • https://git.kernel.org/stable/c/d4bf3fcccd188db9f3310d93472041cdefba97bf https://git.kernel.org/stable/c/d21714134505bc23daa0455b295f3b63730b3b42 https://git.kernel.org/stable/c/ca48174a7643a7e6dd31c4338c5cde49552e138e https://git.kernel.org/stable/c/ee0e9b2c4b9c35837553124b4912230a7e7c7212 https://git.kernel.org/stable/c/2aecfec735f16f99c059db956edfd95a32458d22 https://git.kernel.org/stable/c/8fa3ee8ef185eb3e8be44f282721b05a03e6f888 https://git.kernel.org/stable/c/bc2f5760b47cba4a76be9371806f8f10fccf71a9 https://git.kernel.org/stable/c/bab775fa9c4f4b4da30c9cc99be4bec19 •