CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52686 – powerpc/powernv: Add a null pointer check in opal_event_init()
https://notcve.org/view.php?id=CVE-2023-52686
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: añadir una verificación de puntero nulo en opal_event_init() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. • https://git.kernel.org/stable/c/2717a33d60745f2f72e521cdaedf79b00f66f8ca https://git.kernel.org/stable/c/8422d179cf46889c15ceff9ede48c5bfa4e7f0b4 https://git.kernel.org/stable/c/e93d7cf4c1ddbcd846739e7ad849f955a4f18031 https://git.kernel.org/stable/c/e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf https://git.kernel.org/stable/c/c0b111ea786ddcc8be0682612830796ece9436c7 https://git.kernel.org/stable/c/9a523e1da6d88c2034f946adfa4f74b236c95ca9 https://git.kernel.org/stable/c/a14c55eb461d630b836f80591d8caf1f74e62877 https://git.kernel.org/stable/c/e08c2e275fa1874de945b87093f925997 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52683 – ACPI: LPIT: Avoid u32 multiplication overflow
https://notcve.org/view.php?id=CVE-2023-52683
In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ACPI: LPIT: Evitar desbordamiento de multiplicación u32 En lpit_update_residency() existe la posibilidad de desbordamiento en la multiplicación, si tsc_khz es lo suficientemente grande (> UINT_MAX/1000). Cambie la multiplicación a mul_u32_u32(). Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/eeb2d80d502af28e5660ff4bbe00f90ceb82c2db https://git.kernel.org/stable/c/647d1d50c31e60ef9ccb9756a8fdf863329f7aee https://git.kernel.org/stable/c/6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad https://git.kernel.org/stable/c/f39c3d578c7d09a18ceaf56750fc7f20b02ada63 https://git.kernel.org/stable/c/c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1 https://git.kernel.org/stable/c/72222dfd76a79d9666ab3117fcdd44ca8cd0c4de https://git.kernel.org/stable/c/d1ac288b2742aa4af746c5613bac71760fadd1c4 https://git.kernel.org/stable/c/b7aab9d906e2e252a7783f872406033ec •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52682 – f2fs: fix to wait on block writeback for post_read case
https://notcve.org/view.php?id=CVE-2023-52682
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on_block_writeback() to wait for GCed page writeback in IPU write path. Thread A GC-Thread - f2fs_gc - do_garbage_collect - gc_data_segment - move_data_block - f2fs_submit_page_write migrate normal cluster's block via meta_inode's page cache - f2fs_write_single_data_page - f2fs_do_write_data_page - f2fs_inplace_write_data - f2fs_submit_page_bio IRQ - f2fs_read_end_io IRQ old data overrides new data due to out-of-order GC and common IO. - f2fs_read_end_io En el kernel de Linux, se resolvió la siguiente vulnerabilidad: f2fs: corrección para esperar en la reescritura del bloque para el caso post_read. Si el inodo está comprimido, pero no encriptado, no llamó a f2fs_wait_on_block_writeback() para esperar la reescritura de la página GCed en la ruta de escritura de la IPU. Subproceso A GC-Thread - f2fs_gc - do_garbage_collect - gc_data_segment - move_data_block - f2fs_submit_page_write migra el bloque del clúster normal a través del caché de página de meta_inode - f2fs_write_single_data_page - f2fs_do_write_data_page - f2fs_inplace_write_data - f2fs_submit_page_bio IRQ - fs_read_end_io Los datos antiguos de IRQ anulan los datos nuevos debido a GC desordenado y común OÍ. - f2fs_read_end_io • https://git.kernel.org/stable/c/4c8ff7095bef64fc47e996a938f7d57f9e077da3 https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3 https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2 https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986 https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52680 – ALSA: scarlett2: Add missing error checks to *_ctl_get()
https://notcve.org/view.php?id=CVE-2023-52680
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: scarlett2: Agregar comprobaciones de errores faltantes a *_ctl_get() Las funciones *_ctl_get() que llaman a scarlett2_update_*() no estaban comprobando el valor de retorno. Corrija para verificar el valor de retorno y pasarlo a la persona que llama. • https://git.kernel.org/stable/c/9e4d5c1be21f0c00e747e92186784f3298309b3e https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51 https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43 https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3 https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3 https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52679 – of: Fix double free in of_parse_phandle_with_args_map
https://notcve.org/view.php?id=CVE-2023-52679
In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur". Extend the unittest to detect the double free and add an additional test case that actually triggers this path. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: of: Solucionado double free en of_parse_phandle_with_args_map En of_parse_phandle_with_args_map() el bucle interno que itera por las entradas del mapa llama a of_node_put(new) para liberar la referencia adquirida por la iteración anterior del bucle interno . Esto supone que el valor de "nuevo" es NULL en la primera iteración del bucle interno. Asegúrese de que esto sea cierto en todas las iteraciones del bucle externo estableciendo "nuevo" en NULL después de que su valor se asigne a "cur". • https://git.kernel.org/stable/c/bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2 https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21 https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8 https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54 •