CVE-2023-52458 – block: add check that partition length needs to be aligned with block size
https://notcve.org/view.php?id=CVE-2023-52458
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block size of the disk is larger than 512 bytes, then the partition size may not be a multiple of the logical block size, and when the last sector is read, bio_truncate() will adjust the bio size, resulting in an IO error i... • https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 • CWE-476: NULL Pointer Dereference •
CVE-2023-52457 – serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
https://notcve.org/view.php?id=CVE-2023-52457
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error message: "remove callback returned a non-zero value. This will be ignored." and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250_unregister_port() has the potential to keep enough of the UART around to tri... • https://git.kernel.org/stable/c/2d66412563ef8953e2bac2d98d2d832b3f3f49cd • CWE-416: Use After Free •
CVE-2023-52454 – nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
https://notcve.org/view.php?id=CVE-2023-52454
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp] Call trace: process_one_work+0x174/0x3c8 worker_thread+0x2d0/0x3e8 kthread+0x104/0x110 Fix the bug by raising a fatal error if ... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 • CWE-476: NULL Pointer Dereference •
CVE-2024-26593 – i2c: i801: Fix block process call transactions
https://notcve.org/view.php?id=CVE-2024-26593
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read. • https://git.kernel.org/stable/c/315cd67c945351f8a569500f8ab16b7fa94026e8 • CWE-125: Out-of-bounds Read •
CVE-2023-52451 – powerpc/pseries/memhp: Fix access beyond end of drmem array
https://notcve.org/view.php?id=CVE-2023-52451
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails, the cursor is left pointing to &drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the last valid entry in the array. The debug message at the end of the function then dereferences this pointer: ... • https://git.kernel.org/stable/c/51925fb3c5c901aa06cdc853268a6e19e19bcdc7 • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •
CVE-2023-52449 – mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
https://notcve.org/view.php?id=CVE-2023-52449
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read(). ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_... • https://git.kernel.org/stable/c/2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba • CWE-476: NULL Pointer Dereference •
CVE-2023-52448 – gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
https://notcve.org/view.php?id=CVE-2023-52448
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check in gfs2_rgrp_dump() to prevent that. • https://git.kernel.org/stable/c/72244b6bc752b5c496f09de9a13c18adc314a53c • CWE-476: NULL Pointer Dereference •
CVE-2023-52445 – media: pvrusb2: fix use after free on context disconnection
https://notcve.org/view.php?id=CVE-2023-52445
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack. • https://git.kernel.org/stable/c/e5be15c63804e05b5a94197524023702a259e308 • CWE-416: Use After Free •
CVE-2023-52444 – f2fs: fix to avoid dirent corruption
https://notcve.org/view.php?id=CVE-2023-52444
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link[1]: f2fs_rename() ... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0); You want correct inumber in the ".." link. And cross-directory rename does move the source to new parent, even if you'd been asked to leave a whiteout in the old place. [1] https://lore.kernel.org/all/20231017055040.GN800259... • https://git.kernel.org/stable/c/7e01e7ad746bc8198a8b46163ddc73a1c7d22339 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-26589 – bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS
https://notcve.org/view.php?id=CVE-2024-26589
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not checked. The following prog is accepted: func#0 @0 0: R1=ctx() R10=fp0 0: (bf) r6 = r1 ; R1=ctx() R6_w=ctx() 1: (79) r7 = *(u64 *)(r6 +144) ; R6_w=ctx() R7_w=flow_keys() 2: (b7) r8 = 1024 ; R8_w=1024 3: (37) r... • https://git.kernel.org/stable/c/d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •