CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52698 – calipso: fix memory leak in netlbl_calipso_add_pass()
https://notcve.org/view.php?id=CVE-2023-52698
In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> netlbl_calipso_ops_register() function isn't called, and the netlbl_calipso_ops_get() function always returns NULL. In this case, the netlbl_calipso_add_pass() function allocates memory for the doi_def variable but doesn't free it with the calipso_doi_free(). BUG: memory leak unreferenced object 0xffff888011d68180 (size 64): comm "syz-executor.1", pid 10746, jiffies 4295410986 (age 17.928s) hex dump (first 32 bytes): 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<...>] kmalloc include/linux/slab.h:552 [inline] [<...>] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline] [<...>] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111 [<...>] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 [<...>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [<...>] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 [<...>] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515 [<...>] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 [<...>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] [<...>] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339 [<...>] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934 [<...>] sock_sendmsg_nosec net/socket.c:651 [inline] [<...>] sock_sendmsg+0x157/0x190 net/socket.c:671 [<...>] ____sys_sendmsg+0x712/0x870 net/socket.c:2342 [<...>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2396 [<...>] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429 [<...>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 [<...>] entry_SYSCALL_64_after_hwframe+0x61/0xc6 Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller [PM: merged via the LSM tree at Jakub Kicinski request] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: calipso: corrige la pérdida de memoria en netlbl_calipso_add_pass() Si la compatibilidad con IPv6 está deshabilitada en el arranque (ipv6.disable=1), no se llama a la función calipso_init() -> netlbl_calipso_ops_register() y la función netlbl_calipso_ops_get() siempre devuelve NULL. En este caso, la función netlbl_calipso_add_pass() asigna memoria para la variable doi_def pero no la libera con calipso_doi_free(). ERROR: pérdida de memoria, objeto sin referencia 0xffff888011d68180 (tamaño 64): comunicación "syz-executor.1", pid 10746, jiffies 4295410986 (edad 17,928 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................. ... seguimiento: [<...>] kmalloc include/linux/slab.h:552 [en línea] [<...>] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [en línea] [<... • https://git.kernel.org/stable/c/cb72d38211eacda2dd90b09540542b6582da614e https://git.kernel.org/stable/c/9a8f811a146aa2a0230f8edb2e9f4b6609aab8da https://git.kernel.org/stable/c/36e19f84634aaa94f543fedc0a07588949638d53 https://git.kernel.org/stable/c/44a88650ba55e6a7f2ec485d2c2413ba7e216f01 https://git.kernel.org/stable/c/a4529a08d3704c17ea9c7277d180e46b99250ded https://git.kernel.org/stable/c/321b3a5592c8a9d6b654c7c64833ea67dbb33149 https://git.kernel.org/stable/c/408bbd1e1746fe33e51f4c81c2febd7d3841d031 https://git.kernel.org/stable/c/f14d36e6e97fe935a20e0ceb159c100f9 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52696 – powerpc/powernv: Add a null pointer check in opal_powercap_init()
https://notcve.org/view.php?id=CVE-2023-52696
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: agregue una verificación de puntero null en opal_powercap_init() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. • https://git.kernel.org/stable/c/b9ef7b4b867f56114bedbe6bf104cfaba0ca818e https://git.kernel.org/stable/c/9da4a56dd3772570512ca58aa8832b052ae910dc https://git.kernel.org/stable/c/a67a04ad05acb56640798625e73fa54d6d41cce1 https://git.kernel.org/stable/c/6b58d16037217d0c64a2a09b655f370403ec7219 https://git.kernel.org/stable/c/f152a6bfd187f67afeffc9fd68cbe46f51439be0 https://git.kernel.org/stable/c/69f95c5e9220f77ce7c540686b056c2b49e9a664 https://git.kernel.org/stable/c/b02ecc35d01a76b4235e008d2dd292895b28ecab https://git.kernel.org/stable/c/e123015c0ba859cf48aa7f89c5016cc6e • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52694 – drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function
https://notcve.org/view.php?id=CVE-2023-52694
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function With tpd12s015_remove() marked with __exit this function is discarded when the driver is compiled as a built-in. The result is that when the driver unbinds there is no cleanup done which results in resource leakage or worse. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/bridge: tpd12s015: Eliminar anotación __exit con errores para eliminar función Con tpd12s015_remove() marcado con __exit, esta función se descarta cuando el controlador se compila como integrado. El resultado es que cuando el controlador se desvincula no se realiza ninguna limpieza, lo que resulta en una fuga de recursos o algo peor. • https://git.kernel.org/stable/c/cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c https://git.kernel.org/stable/c/53926e2a39629702f7f809d614b3ca89c2478205 https://git.kernel.org/stable/c/08ccff6ece35f08e8107e975903c370d849089e5 https://git.kernel.org/stable/c/81f1bd85960b7a089a91e679ff7cd2524390bbf1 https://git.kernel.org/stable/c/a8657406e12aa10412134622c58977ac657f16d2 https://git.kernel.org/stable/c/e00ec5901954d85b39b5f10f94e60ab9af463eb1 https://git.kernel.org/stable/c/ce3e112e7ae854249d8755906acc5f27e1542114 https://lists.debian.org/debian-lts-announce/2024/06/ •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52693 – ACPI: video: check for error while searching for backlight device parent
https://notcve.org/view.php?id=CVE-2023-52693
In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_get_parent), this can lead to incorrect (uninitialized) acpi_parent handle being passed to acpi_get_pci_dev() for detecting the parent pci device. Check acpi_get_parent() result and set parent device only in case of success. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: vídeo: comprueba si hay errores al buscar el dispositivo de retroiluminación principal. Si la llamada acpi_get_parent() en acpi_video_dev_register_backlight() fallo, por ejemplo, porque acpi_ut_acquire_mutex() fallo dentro de acpi_get_parent), esto puede provocar que se pase el identificador acpi_parent incorrecto (no inicializado) a acpi_get_pci_dev() para detectar el dispositivo pci principal. Verifique el resultado de acpi_get_parent() y configure el dispositivo principal solo en caso de éxito. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/9661e92c10a9775243c1ecb73373528ed8725a10 https://git.kernel.org/stable/c/556f02699d33c1f40b1b31bd25828ce08fa165d8 https://git.kernel.org/stable/c/1e3a2b9b4039bb4d136dca59fb31e06465e056f3 https://git.kernel.org/stable/c/c4e1a0ef0b4782854c9b77a333ca912b392bed2f https://git.kernel.org/stable/c/3a370502a5681986f9828e43be75ce26c6ab24af https://git.kernel.org/stable/c/2124c5bc22948fc4d09a23db4a8acdccc7d21e95 https://git.kernel.org/stable/c/39af144b6d01d9b40f52e5d773e653957e6c379c https://git.kernel.org/stable/c/72884ce4e10417b1233b614bf134da852 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52692 – ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()
https://notcve.org/view.php?id=CVE-2023-52692
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result. Return the error if it fails rather than continuing with an invalid value. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ALSA: scarlett2: Añadida verificación de error faltante a scarlett2_usb_set_config() scarlett2_usb_set_config() llama a scarlett2_usb_get() pero no verifica el resultado. Devuelve el error si fallo en lugar de continuar con un valor no válido. • https://git.kernel.org/stable/c/9e15fae6c51a362418f8b3054f1322c54675df94 https://git.kernel.org/stable/c/51d5697e1c0380d482c3eab002bfc8d0be177e99 https://git.kernel.org/stable/c/be96acd3eaa790d10a5b33e65267f52d02f6ad88 https://git.kernel.org/stable/c/996fde492ad9b9563ee483b363af40d7696a8467 https://git.kernel.org/stable/c/145c5aa51486171025ab47f35cff34bff8d0cea3 https://git.kernel.org/stable/c/ca459dfa7d4ed9098fcf13e410963be6ae9b6bf3 •