CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48636 – s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
https://notcve.org/view.php?id=CVE-2022-48636
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer wit... • https://git.kernel.org/stable/c/8e09f21574ea3028d5629e5de759e0b196c690c5 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48635 – fsdax: Fix infinite loop in dax_iomap_rw()
https://notcve.org/view.php?id=CVE-2022-48635
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fsdax: Fix infinite loop in dax_iomap_rw() I got an infinite loop and a WARNING report when executing a tail command in virtiofs. WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomap_iter+0x3a2/0x3d0 Modules linked in: CPU: 10 PID: 964 Comm: tail Not tainted 5.19.0-rc7 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48634 – drm/gma500: Fix BUG: sleeping function called from invalid context errors
https://notcve.org/view.php?id=CVE-2022-48634
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reason to hold event_lock is to clear gma_crtc->page_flip_event on mode_set_base() errors. Instead unlock it after setting gma_crtc->page_flip_event and on errors re-take the lock and clear gma_crtc->page_flip_event it it is still set. This... • https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48633 – drm/gma500: Fix WARN_ON(lock->magic != lock) error
https://notcve.org/view.php?id=CVE-2022-48633
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARN_ON(lock->magic != lock) error psb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex gets destroyed by drm_gem_object_release() move the drm_gem_object_release() call in psb_gem_free_object() to after the unpin to fix the below warning: [ 79.693962] ------------[ cut here ]------------ [ 79.693992] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [ 79.694015] WARNING: CPU: 0 PID: 240 at kernel/locking/mutex.c:582 __w... • https://git.kernel.org/stable/c/55c077d97fa67e9f19952bb24122a8316b089474 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48632 – i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
https://notcve.org/view.php?id=CVE-2022-48632
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: mlxbf: evita el desbordamiento de pila en mlxbf_i2c_smbus_start_transaction() memcpy() se llama en un bucle mientras que el límite superior 'operation->length' no está marcado y 'da... • https://git.kernel.org/stable/c/b5b5b32081cd206baa6e58cca7f112d9723785d6 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48631 – ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
https://notcve.org/view.php?id=CVE-2022-48631
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 When walking through an inode extents, the ext4_ext_binsearch_idx() function assumes that the extent header has been previously validated. However, there are no checks that verify that the number of entries (eh->eh_entries) is non-zero when depth is > 0. And this will lead to problems because the EXT_FIRST_INDEX() and EXT_LAST_INDEX() will return garbage and result in th... • https://git.kernel.org/stable/c/bb7eb3ca4b3b0d2c7872cf1a41c30f5e5bd65df0 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26928 – smb: client: fix potential UAF in cifs_debug_files_proc_show()
https://notcve.org/view.php?id=CVE-2024-26928
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_debug_files_proc_show() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. A flaw was found in the Linux kernel. The following vulnerability has been resolved... • https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52646 – aio: fix mremap after fork null-deref
https://notcve.org/view.php?id=CVE-2023-52646
26 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [jmoyer@redhat.com: fix 80 column issue] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: aio: corrige mremap después de la bifurcación null-deref Commit e4a0d3e720e7 ("aio: Make it posible reasignar el anillo ... • https://git.kernel.org/stable/c/e4a0d3e720e7e508749c1439b5ba3aff56c92976 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26926 – binder: check offset alignment in binder_get_object()
https://notcve.org/view.php?id=CVE-2024-26926
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is nee... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26925 – netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
https://notcve.org/view.php?id=CVE-2024-26925
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction aga... • https://git.kernel.org/stable/c/4b6346dc1edfb9839d6edee7360ed31a22fa6c95 • CWE-667: Improper Locking •