CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48672 – of: fdt: fix off-by-one error in unflatten_dt_nodes()
https://notcve.org/view.php?id=CVE-2022-48672
In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which makes it possible to overflow the nps[] buffer... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: de: fdt: corrige el error uno por uno en unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: corrige la profundidad al desacoplar el árbol de dispositivos") olvidó arreglar la comprobación de profundidad el cuerpo del bucle en unflatten_dt_nodes() que permite desbordar el búfer nps[]... Encontrado por el Centro de verificación de Linux (linuxtesting.org) con la herramienta de análisis estático SVACE. • https://git.kernel.org/stable/c/78c44d910d3e5f96dc6b3695fc1e4efd7c46a455 https://git.kernel.org/stable/c/cbdda20ce363356698835185801a58a28f644853 https://git.kernel.org/stable/c/2566706ac6393386a4e7c4ce23fe17f4c98d9aa0 https://git.kernel.org/stable/c/e0e88c25f88b9805572263c9ed20f1d88742feaf https://git.kernel.org/stable/c/ee4369260e77821602102dcc7d792de39a56365c https://git.kernel.org/stable/c/ba6b9f7cc1108bad6e2c53b1d6e0156379188db7 https://git.kernel.org/stable/c/2133f451311671c7c42b5640d2b999326b39aa0e https://git.kernel.org/stable/c/2f945a792f67815abca26fa8a5e863ccf • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48670 – peci: cpu: Fix use-after-free in adev_release()
https://notcve.org/view.php?id=CVE-2022-48670
In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release() When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, which causes refcount for device to be decremented and .release callback will be triggered. Because adev_release() re-calls auxiliary_device_uninit(), it will cause use-after-free: [ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15 [ 1269.464007] refcount_t: underflow; use-after-free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: peci: cpu: corrige use-after-free en adev_release() Cuando auxiliar_device_add() devuelve un error, se llama a auxiliar_device_uninit(), lo que hace que se disminuya el recuento del dispositivo y . Se activará la devolución de llamada de liberación. Debido a que adev_release() vuelve a llamar a auxiliar_device_uninit(), provocará use-after-free: [1269.455172] ADVERTENCIA: CPU: 0 PID: 14267 en lib/refcount.c:28 refcount_warn_saturate+0x110/0x15 [1269.464007] refcount_t: underflow ; use-after-free. • https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89 https://git.kernel.org/stable/c/1c11289b34ab67ed080bbe0f1855c4938362d9cf • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27388 – SUNRPC: fix some memleaks in gssx_dec_option_array
https://notcve.org/view.php?id=CVE-2024-27388
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: SUNRPC: corrige algunas fugas de mem en gssx_dec_option_array Los creds y oa->data deben liberarse en las rutas de manejo de errores después de su asignación. Entonces este parche agrega estas desasignaciones en las rutas correspondientes. • https://git.kernel.org/stable/c/1d658336b05f8697d6445834f8867f8ad5e4f735 https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364 https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8 https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8 https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044 https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3 https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27078 – media: v4l2-tpg: fix some memleaks in tpg_alloc
https://notcve.org/view.php?id=CVE-2024-27078
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc return 0. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medio: v4l2-tpg: corrige algunas fugas de memoria en tpg_alloc En tpg_alloc, los recursos deben desasignarse en todas y cada una de las rutas de manejo de errores, ya que se asignan en declaraciones for. De lo contrario, habría memleaks porque se llama a tpg_free solo cuando tpg_alloc devuelve 0. • https://git.kernel.org/stable/c/63881df94d3ecbb0deafa0b77da62ff2f32961c4 https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77 https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79 https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28 https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511 https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941 https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376f •
CVSS: -EPSS: 0%CPEs: 13EXPL: 0CVE-2024-27075 – media: dvb-frontends: avoid stack overflow warnings with clang
https://notcve.org/view.php?id=CVE-2024-27075
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than] 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe) Rework the stv0367_writereg() function to be simpler and mark both register access functions as noinline_for_stack so the temporary i2c_msg structures do not get duplicated on the stack when KASAN_STACK is enabled. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: dvb-frontends: evita advertencias de desbordamiento de pila con clang. Un parche anterior solucionó un problema de KASAN en stv0367, ahora apareció un problema similar con clang: drivers/media/dvb- frontends/stv0367.c:1222:12: error: el tamaño del marco de pila (3624) excede el límite (2048) en 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than] 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe) Vuelva a trabajar la función stv0367_writereg() para que sea más simple y marque ambas funciones de acceso a registros como noinline_for_stack para que las estructuras temporales i2c_msg no se dupliquen en la pila cuando KASAN_STACK esté habilitado. • https://git.kernel.org/stable/c/3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e https://git.kernel.org/stable/c/dc4bc70259daba144f799e40a99413a86c601006 https://git.kernel.org/stable/c/d1d85ae79d5e5592dccba6890658c0999b864ddc https://git.kernel.org/stable/c/ad91b2e392be4339e09eefd8479675b4232ddfa1 https://git.kernel.org/stable/c/ec1eeaf5b6c12b561d9a90588987e44a2e2f8b1a https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4 https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55 https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f •