CVE-2023-52746 – xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
https://notcve.org/view.php?id=CVE-2023-52746
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. • https://git.kernel.org/stable/c/5106f4a8acff480e244300bc5097c0ad7048c3a2 •
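The bounds-check-then-index shape described above, and the masked-index fix, as an added example that is not part of this page or of the kernel's own code. It is a userland C reimplementation of the generic C fallback of the kernel's array_index_mask_nospec()/array_index_nospec() helpers, applied to a constructed compat_policy-style table; ATTR_MAX, the table contents and the two len_ok_*() functions are assumptions made for illustration and are not the xfrm compat code.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/* Generic C fallback of the kernel's array_index_mask_nospec():
 * returns all-ones when index < size and all-zeros otherwise. It is
 * computed from the operands alone (no conditional branch), so the CPU
 * cannot speculate past it with an out-of-range index. Relies on an
 * arithmetic right shift of a negative long, as the kernel does. */
static inline unsigned long array_index_mask_nospec(unsigned long index,
                                                    unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp index into [0, size) via a data dependency instead of a branch:
 * in-range indices pass through unchanged, out-of-range ones become 0. */
static inline unsigned long array_index_nospec(unsigned long index,
                                               unsigned long size)
{
    return index & array_index_mask_nospec(index, size);
}

/* Constructed stand-in for the kernel's compat_policy[] (assumption). */
#define ATTR_MAX 3
struct attr_policy { unsigned int len; };
static const struct attr_policy compat_policy[ATTR_MAX + 1] = {
    { 0 }, { 4 }, { 8 }, { 16 },
};

/* Vulnerable shape: the check is architecturally correct, but a
 * mispredicted branch lets compat_policy[type] be read speculatively
 * with an attacker-chosen 'type' beyond the table. */
int len_ok_speculative(unsigned int type, unsigned int nla_len)
{
    if (type > ATTR_MAX)
        return 0;
    return nla_len >= compat_policy[type].len;   /* speculative OOB read */
}

/* Hardened shape: same check, then the index is masked before use, so
 * even a speculatively executed load stays inside the table. */
int len_ok_nospec(unsigned int type, unsigned int nla_len)
{
    if (type > ATTR_MAX)
        return 0;
    type = (unsigned int)array_index_nospec(type, ATTR_MAX + 1);
    return nla_len >= compat_policy[type].len;
}

int main(void)
{
    /* Constructed inputs: an in-range attribute type and an out-of-range one. */
    printf("mask(2, %d) = %#lx\n", ATTR_MAX + 1,
           array_index_mask_nospec(2, ATTR_MAX + 1));
    printf("mask(9, %d) = %#lx\n", ATTR_MAX + 1,
           array_index_mask_nospec(9, ATTR_MAX + 1));
    printf("len_ok_nospec(2, 8)  = %d\n", len_ok_nospec(2, 8));
    printf("len_ok_nospec(2, 7)  = %d\n", len_ok_nospec(2, 7));
    printf("len_ok_nospec(9, 64) = %d\n", len_ok_nospec(9, 64));
    return 0;
}
```

The mask is the whole point: both functions reject an out-of-range type architecturally, but only len_ok_nospec() makes the table index safe on the speculative path, which is what the upstream fix adds with array_index_nospec().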
CVE-2023-52745 – IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
https://notcve.org/view.php?id=CVE-2023-52745
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink with multiple tx and rx queues, but some devices don't support more than 1 tx and 1 rx queue. This causes a crash when traffic is sent over the PKEY interface due to the parent having a single queue but the child having multiple queues. This patch fixes the number of queues to 1 for legacy IPoIB at the earliest possible... • https://git.kernel.org/stable/c/d4bf3fcccd188db9f3310d93472041cdefba97bf •
CVE-2023-52744 – RDMA/irdma: Fix potential NULL-ptr-dereference
https://notcve.org/view.php?id=CVE-2023-52744
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix potential NULL-ptr-dereference in_dev_get() can return NULL which will cause a failure once idev is dereferenced in in_dev_for_each_ifa_rtnl(). This patch adds a check for NULL value in idev beforehand. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/146b9756f14c04894226fb97e2f102f217139c27 •
CVE-2023-52743 – ice: Do not use WQ_MEM_RECLAIM flag for workqueue
https://notcve.org/view.php?id=CVE-2023-52743
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning in check_flush_dependency is being triggered. This is due to ice driver workqueue being allocated with the WQ_MEM_RECLAIM flag and the irdma one is not. According to kernel documentation, this flag should be set if the workqueue will be involved in the kernel's memory reclamation flow. Since it is not, there is no need for the ice driv... • https://git.kernel.org/stable/c/940b61af02f497fcd911b9e2d75c6b8cf76b92fd •
CVE-2023-52742 – net: USB: Fix wrong-direction WARNING in plusb.c
https://notcve.org/view.php?id=CVE-2023-52742
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels this error provokes a WARNING: usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 WARNING: CPU: 0 PID: 4645 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411 Modules linked in: CPU:... • https://git.kernel.org/stable/c/090ffa9d0e904e1ed0f86c84dcf20684a8ac1a5a •
CVE-2023-52741 – cifs: Fix use-after-free in rdata->read_into_pages()
https://notcve.org/view.php?id=CVE-2023-52741
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata->read_into_pages() When the network status is unstable, use-after-free may occur when read data from the server. BUG: KASAN: use-after-free in readpages_fill_pages+0x14c/0x7e0 Call Trace:
CVE-2023-52740 – powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch
https://notcve.org/view.php?id=CVE-2023-52740
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can flip the interrupt_exit_not_reentrant static branch condition concurrently with the interrupt exit code which tests that branch. Interrupt exit tests this condition to set MSR[EE|RI] for exit, then again in the case a soft-masked interrupt is found pending, to recover the MSR so the interrupt can be replayed before ... • https://git.kernel.org/stable/c/13799748b957bc5659f97c036224b0f4b42172e2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-52739 – Fix page corruption caused by racy check in __free_pages
https://notcve.org/view.php?id=CVE-2023-52739
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca page:0000000022261c55 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x1304ca flags: 0x17ffffc0000000() raw: 0017ffffc0000000 ffff8a513ffd4c98 ffffeee24b35ec08 0000000000000000 raw: 0000000000000000 000000000000000... • https://git.kernel.org/stable/c/e320d3012d25b1fb5f3df4edb7bd44a1c362ec10 •
CVE-2023-52738 – drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
https://notcve.org/view.php?id=CVE-2023-52738
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini Currently amdgpu calls drm_sched_fini() from the fence driver sw fini routine - such a function is expected to be called only after the respective init function - drm_sched_init() - was executed successfully. It happens that we faced a driver probe failure in the Steam Deck recently, and the function drm_sched_fini() was called even without its counterpart having been previously ca... • https://git.kernel.org/stable/c/067f44c8b4590c3f24d21a037578a478590f2175 •
CVE-2023-52737 – btrfs: lock the inode in shared mode before starting fiemap
https://notcve.org/view.php?id=CVE-2023-52737
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only locks a file range in the inode's io tree. This however can lead to a deadlock if we have a concurrent fsync on the file and fiemap code triggers a fault when accessing the user space buffer with fiemap_fill_next_extent(). The deadlock happens on the inode's i_mmap_lock semaphore, which is taken both by fsync and b... • https://git.kernel.org/stable/c/d8c594da79bc0244e610a70594e824a401802be1 •