CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52792 – cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails
https://notcve.org/view.php?id=CVE-2023-52792
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails Commit 5e42bcbc3fef ("cxl/region: decrement ->nr_targets on error in cxl_region_attach()") tried to avoid 'eiw' initialization errors when ->nr_targets exceeded 16, by just decrementing ->nr_targets when cxl_region_setup_targets() failed. Commit 86987c766276 ("cxl/region: Cleanup target list on attach error") extended that cleanup to also clear cxled->pos and p->targets[pos]. The initialization error was incidentally fixed separately by: Commit 8d4285425714 ("cxl/region: Fix port setup uninitialized variable warnings") which was merged a few days after 5e42bcbc3fef. But now the original cleanup when cxl_region_setup_targets() fails prevents endpoint and switch decoder resources from being reused: 1) the cleanup does not set the decoder's region to NULL, which results in future dpa_size_store() calls returning -EBUSY 2) the decoder is not properly freed, which results in future commit errors associated with the upstream switch Now that the initialization errors were fixed separately, the proper cleanup for this case is to just return immediately. Then the resources associated with this target get cleanup up as normal when the failed region is deleted. The ->nr_targets decrement in the error case also helped prevent a p->targets[] array overflow, so add a new check to prevent against that overflow. Tested by trying to create an invalid region for a 2 switch * 2 endpoint topology, and then following up with creating a valid region. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cxl/region: no intente realizar la limpieza después de que cxl_region_setup_targets() falle. Confirme 5e42bcbc3fef ("cxl/region: decrement ->nr_targets on error in cxl_region_attach()") intentó evitar ' Los mismos errores de inicialización cuando ->nr_targets excedieron 16, simplemente disminuyendo ->nr_targets cuando cxl_region_setup_targets() falló. • https://git.kernel.org/stable/c/5e42bcbc3fef6e759dfb4d3f4cfb394c382b4249 https://git.kernel.org/stable/c/90db4c1d5ebaf574d3c3065c055977982c378a83 https://git.kernel.org/stable/c/9090c5537c93cd0811ab7bfbd925b57addfffb60 https://git.kernel.org/stable/c/07ffcd8ec79cf7383e1e45815f4842fd357991c2 https://git.kernel.org/stable/c/0718588c7aaa7a1510b4de972370535b61dddd0d •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52791 – i2c: core: Run atomic i2c xfer when !preemptible
https://notcve.org/view.php?id=CVE-2023-52791
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the DMA). panic() calls preempt_disable_notrace() before calling emergency_restart(). Therefore, if an i2c device is used for the restart, the xfer should be atomic. This avoids warnings like: [ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0 [ 12.676926] Voluntary context switch within RCU read-side critical section! • https://git.kernel.org/stable/c/bae1d3a05a8b99bd748168bbf8155a1d047c562e https://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809 https://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0 https://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b https://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c https://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1 https://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91 https://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37 • CWE-459: Incomplete Cleanup •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52790 – swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC
https://notcve.org/view.php?id=CVE-2023-52790
In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Limit the free list length to the size of the IO TLB. Transient pool can be smaller than IO_TLB_SEGSIZE, but the free list is initialized with the assumption that the total number of slots is a multiple of IO_TLB_SEGSIZE. As a result, swiotlb_area_find_slots() may allocate slots past the end of a transient IO TLB buffer. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: swiotlb: corrige asignaciones de TLB fuera de los límites con CONFIG_SWIOTLB_DYNAMIC Limita la longitud de la lista libre al tamaño del IO TLB. El grupo transitorio puede ser más pequeño que IO_TLB_SEGSIZE, pero la lista libre se inicializa asumiendo que el número total de ranuras es un múltiplo de IO_TLB_SEGSIZE. Como resultado, swiotlb_area_find_slots() puede asignar ranuras más allá del final de un búfer IO TLB transitorio. • https://git.kernel.org/stable/c/79636caad3618e2b38457f6e298c9b31ba82b489 https://git.kernel.org/stable/c/ce7612496a4ba6068bc68aa1fa9d947dadb4ad9b https://git.kernel.org/stable/c/53c87e846e335e3c18044c397cc35178163d7827 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52789 – tty: vcc: Add check for kstrdup() in vcc_probe()
https://notcve.org/view.php?id=CVE-2023-52789
In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup() in vcc_probe() Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: vcc: Agregar verificación para kstrdup() en vcc_probe(). Agregar verificación para el valor de retorno de kstrdup() y devolver el error, si falla, para evitar la desreferencia de puntero NULL . • https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3 https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200 https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06 https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2 https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9 https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2a •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52788 – i915/perf: Fix NULL deref bugs with drm_dbg() calls
https://notcve.org/view.php?id=CVE-2023-52788
In the Linux kernel, the following vulnerability has been resolved: i915/perf: Fix NULL deref bugs with drm_dbg() calls When i915 perf interface is not available dereferencing it will lead to NULL dereferences. As returning -ENOTSUPP is pretty clear return when perf interface is not available. [tursulin: added stable tag] (cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i915/perf: corrige errores de desreferencia NULL con llamadas drm_dbg(). Cuando la interfaz i915 perf no está disponible, la desreferenciación conducirá a desreferencias NULL. Como devolver -ENOTSUPP es un retorno bastante claro cuando la interfaz perf no está disponible. [tursulin: etiqueta estable agregada] (cereza seleccionada del compromiso 36f27350ff745bd228ab04d7845dfbffc177a889) • https://git.kernel.org/stable/c/9b344cf6aea0a69c00e19efdc6e02c6d5aae1a23 https://git.kernel.org/stable/c/2fec539112e89255b6a47f566e21d99937fada7b https://git.kernel.org/stable/c/1566e8be73fd5fa424e88d2a4cffdc34f970f0e1 https://git.kernel.org/stable/c/55db76caa782baa4a1bf02296e2773c38a524a3e https://git.kernel.org/stable/c/bf8e105030083e7b71591cdf437e464bcd8a0c09 https://git.kernel.org/stable/c/10f49cdfd5fb342a1a9641930dc040c570694e98 https://git.kernel.org/stable/c/471aa951bf1206d3c10d0daa67005b8e4db4ff83 •