CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52683 – ACPI: LPIT: Avoid u32 multiplication overflow
https://notcve.org/view.php?id=CVE-2023-52683
In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ACPI: LPIT: Evitar desbordamiento de multiplicación u32 En lpit_update_residency() existe la posibilidad de desbordamiento en la multiplicación, si tsc_khz es lo suficientemente grande (> UINT_MAX/1000). Cambie la multiplicación a mul_u32_u32(). Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/eeb2d80d502af28e5660ff4bbe00f90ceb82c2db https://git.kernel.org/stable/c/647d1d50c31e60ef9ccb9756a8fdf863329f7aee https://git.kernel.org/stable/c/6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad https://git.kernel.org/stable/c/f39c3d578c7d09a18ceaf56750fc7f20b02ada63 https://git.kernel.org/stable/c/c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1 https://git.kernel.org/stable/c/72222dfd76a79d9666ab3117fcdd44ca8cd0c4de https://git.kernel.org/stable/c/d1ac288b2742aa4af746c5613bac71760fadd1c4 https://git.kernel.org/stable/c/b7aab9d906e2e252a7783f872406033ec •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52679 – of: Fix double free in of_parse_phandle_with_args_map
https://notcve.org/view.php?id=CVE-2023-52679
In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur". Extend the unittest to detect the double free and add an additional test case that actually triggers this path. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: of: Solucionado double free en of_parse_phandle_with_args_map En of_parse_phandle_with_args_map() el bucle interno que itera por las entradas del mapa llama a of_node_put(new) para liberar la referencia adquirida por la iteración anterior del bucle interno . Esto supone que el valor de "nuevo" es NULL en la primera iteración del bucle interno. Asegúrese de que esto sea cierto en todas las iteraciones del bucle externo estableciendo "nuevo" en NULL después de que su valor se asigne a "cur". • https://git.kernel.org/stable/c/bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2 https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21 https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8 https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52676 – bpf: Guard stack limits against 32bit overflow
https://notcve.org/view.php?id=CVE-2023-52676
In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in which case the caller checked it to be below 1<<29 [1]), or from the size of an argument to a kfunc (in which case it can be a u32 [2]). Between the register being inconsistently checked to be below 1<<29, and the offset being up to an u32, it appears that we were open to overflowing the `int`s which were currently used for arithmetic. [1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498 [2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Proteger los límites de la pila contra el desbordamiento de 32 bits. • https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2 https://git.kernel.org/stable/c/e5ad9ecb84405637df82732ee02ad741a5f782a6 https://git.kernel.org/stable/c/1d38a9ee81570c4bd61f557832dead4d6f816760 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52675 – powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
https://notcve.org/view.php?id=CVE-2023-52675
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/imc-pmu: agregue una verificación de puntero null en update_events_in_group() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. • https://git.kernel.org/stable/c/885dcd709ba9120b9935415b8b0f9d1b94e5826b https://git.kernel.org/stable/c/75fc599bcdcb1de093c9ced2e3cccc832f3787f3 https://git.kernel.org/stable/c/1e80aa25d186a7aa212df5acd8c75f55ac8dae34 https://git.kernel.org/stable/c/5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05 https://git.kernel.org/stable/c/f105c263009839d80fad6998324a4e1b3511cba0 https://git.kernel.org/stable/c/a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec https://git.kernel.org/stable/c/024352f7928b28f53609660663329d8c0f4ad032 https://git.kernel.org/stable/c/c7d828e12b326ea50fb80c369d7aa8751 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35837 – net: mvpp2: clear BM pool before initialization
https://notcve.org/view.php?id=CVE-2024-35837
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: mvpp2: borre el grupo de BM antes de la inicialización. El valor del registro persiste después de iniciar el kernel usando kexec, lo que genera pánico en el kernel. Por lo tanto, borre los registros del grupo BM antes de la inicialización para solucionar el problema. • https://git.kernel.org/stable/c/3f518509dedc99f0b755d2ce68d24f610e3a005a https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4 https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38 https://lists.debian.org/debian-lts-announce/2024/06/ •