CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27068 – thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2024-27068
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path If devm_krealloc() fails, then 'efuse' is leaking. So free it to avoid a leak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/mediatek/lvts_thermal: corrige una pérdida de memoria en una ruta de manejo de errores. Si devm_krealloc() falla, entonces 'efuse' tiene una fuga. Así que libérelo para evitar una fuga. In the Linux ... • https://git.kernel.org/stable/c/f5f633b18234cecb0e6ee6e5fbb358807dda15c3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27067 – xen/evtchn: avoid WARN() when unbinding an event channel
https://notcve.org/view.php?id=CVE-2024-27067
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN() when unbinding an event channel When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN() in the handler. Avoid that by adding an "unbinding" flag to struct user_event which will short circuit the handler. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: xen/evtchn: evite WARN() al desvincular un... • https://git.kernel.org/stable/c/3c8f5965a99397368d3762a9814a21a3e442e1a4 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27066 – virtio: packed: fix unmap leak for indirect desc table
https://notcve.org/view.php?id=CVE-2024-27066
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio: packed: fix unmap leak for indirect desc table When use_dma_api and premapped are true, then the do_unmap is false. Because the do_unmap is false, vring_unmap_extra_packed is not called by detach_buf_packed. if (unlikely(vq->do_unmap)) { curr = id; for (i = 0; i < state->num; i++) { vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]); curr = vq->packed.desc_extra[curr].next; } } So the indirect desc table is not unmapped. Thi... • https://git.kernel.org/stable/c/b319940f83c21bb4c1fabffe68a862be879a6193 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27065 – netfilter: nf_tables: do not compare internal table flags on updates
https://notcve.org/view.php?id=CVE-2024-27065
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: no comparar indicadores de tablas internas en las actualizaciones Restaurar la transacción omitida si la actualización de la tabla no modifica los indicadores. • https://git.kernel.org/stable/c/e10f661adc556c4969c70ddaddf238bffdaf1e87 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27064 – netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
https://notcve.org/view.php?id=CVE-2024-27064
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain If nft_netdev_register_hooks() fails, the memory associated with nft_stats is not freed, causing a memory leak. This patch fixes it by moving nft_stats_alloc() down after nft_netdev_register_hooks() succeeds. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: corrige una pérdida de memoria en nf_tables_updchain Si nft_netdev_register_hooks() ... • https://git.kernel.org/stable/c/b9703ed44ffbfba85c103b9de01886a225e14b38 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52653 – SUNRPC: fix a memleak in gss_import_v2_context
https://notcve.org/view.php?id=CVE-2023-52653
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error. Thus, this patch reform the last call of gss_import_v2_context to the gss_krb5_import_ctx_v2, preventing the memleak while keepping the return formation. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: SUNRPC: cor... • https://git.kernel.org/stable/c/47d84807762966c3611c38adecec6ea703ddda7a •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52652 – NTB: fix possible name leak in ntb_register_device()
https://notcve.org/view.php?id=CVE-2023-52652
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: NTB: fix possible name leak in ntb_register_device() If device_register() fails in ntb_register_device(), the device name allocated by dev_set_name() should be freed. As per the comment in device_register(), callers should use put_device() to give up the reference in the error path. So fix this by calling put_device() in the error path so that the name can be freed in kobject_cleanup(). As a result of this, put_device() in the error path of... • https://git.kernel.org/stable/c/a1bd3baeb2f18b2b3d0f98ce5fdaa725149b950b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48669 – powerpc/pseries: Fix potential memleak in papr_get_attr()
https://notcve.org/view.php?id=CVE-2022-48669
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/pseries: corrija una posible fuga de mem en papr_get_attr() `buf` está asignado en papr_get_attr(), y krealloc() de `buf` podría fallar. Necesitamos liberar el "buf" original en ca... • https://git.kernel.org/stable/c/3c14b73454cf9f6e2146443fdfbdfb912c0efed3 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27063 – leds: trigger: netdev: Fix kernel panic on interface rename trig notify
https://notcve.org/view.php?id=CVE-2024-27063
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link speed mode") in the various changes, reworked the way to set the LINKUP mode in commit cee4bd16c319 ("leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename") and moved it to a generic function. This changed the logic where, in the previous implementation the dev from the trigger even... • https://git.kernel.org/stable/c/d5e01266e7f5fa12400d4c8aa4e86fe89dcc61e9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27062 – nouveau: lock the client object tree.
https://notcve.org/view.php?id=CVE-2024-27062
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI [ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27 [ 4562.099324] Hardware name: Gigabyte Technology Co.... • https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •