CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52796 – ipvlan: add ipvlan_route_v6_outbound() helper
https://notcve.org/view.php?id=CVE-2023-52796
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound() helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlan_process_v6_outbound() by moving the flowi6 struct used for the route lookup in an non inlined helper. ipvlan_route_v6_outbound() needs 120 bytes on the stack, immediately reclaimed. Also make sure ipvlan_process_v4_outbound() is not inlined. We might also have to lower MAX_NEST_DEV, becau... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 • CWE-121: Stack-based Buffer Overflow •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52795 – vhost-vdpa: fix use after free in vhost_vdpa_probe()
https://notcve.org/view.php?id=CVE-2023-52795
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix use after free in vhost_vdpa_probe() The put_device() calls vhost_vdpa_release_dev() which calls ida_simple_remove() and frees "v". So this call to ida_simple_remove() is a use after free and a double free. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: vhost-vdpa: corrige el use after free en vhost_vdpa_probe(). El put_device() llama a vhost_vdpa_release_dev() que llama a ida_simple_remove() y libera "... • https://git.kernel.org/stable/c/ebe6a354fa7e0a7d5b581da31ad031b19d8693f9 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52794 – thermal: intel: powerclamp: fix mismatch in get function for max_idle
https://notcve.org/view.php?id=CVE-2023-52794
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105 ... [ 444.853442] The buggy address belongs to the variable: [ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp] There is a mismatch between the param_get_int and... • https://git.kernel.org/stable/c/ebf519710218814cf827adbf9111af081344c969 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52792 – cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails
https://notcve.org/view.php?id=CVE-2023-52792
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails Commit 5e42bcbc3fef ("cxl/region: decrement ->nr_targets on error in cxl_region_attach()") tried to avoid 'eiw' initialization errors when ->nr_targets exceeded 16, by just decrementing ->nr_targets when cxl_region_setup_targets() failed. Commit 86987c766276 ("cxl/region: Cleanup target list on attach error") extended that cleanup to also clear cxled->pos and p->tar... • https://git.kernel.org/stable/c/5e42bcbc3fef6e759dfb4d3f4cfb394c382b4249 •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52791 – i2c: core: Run atomic i2c xfer when !preemptible
https://notcve.org/view.php?id=CVE-2023-52791
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the DMA). panic() calls preempt_disable_notrace() before calling emergency_restart(). Therefore, if an i2c device is used for the restart, the xfer should be atomic. This avoids warnings like: [ 12.667612] WARNI... • https://git.kernel.org/stable/c/bae1d3a05a8b99bd748168bbf8155a1d047c562e • CWE-459: Incomplete Cleanup •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52790 – swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC
https://notcve.org/view.php?id=CVE-2023-52790
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Limit the free list length to the size of the IO TLB. Transient pool can be smaller than IO_TLB_SEGSIZE, but the free list is initialized with the assumption that the total number of slots is a multiple of IO_TLB_SEGSIZE. As a result, swiotlb_area_find_slots() may allocate slots past the end of a transient IO TLB buffer. En el kernel de Linux, se ha resuelto la siguien... • https://git.kernel.org/stable/c/79636caad3618e2b38457f6e298c9b31ba82b489 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52789 – tty: vcc: Add check for kstrdup() in vcc_probe()
https://notcve.org/view.php?id=CVE-2023-52789
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup() in vcc_probe() Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: vcc: Agregar verificación para kstrdup() en vcc_probe(). Agregar verificación para el valor de retorno de kstrdup() y devolver el error, si falla, para evitar la desreferencia de puntero NULL . • https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3 •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52788 – i915/perf: Fix NULL deref bugs with drm_dbg() calls
https://notcve.org/view.php?id=CVE-2023-52788
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i915/perf: Fix NULL deref bugs with drm_dbg() calls When i915 perf interface is not available dereferencing it will lead to NULL dereferences. As returning -ENOTSUPP is pretty clear return when perf interface is not available. [tursulin: added stable tag] (cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i915/perf: corrige errores de desreferencia NULL... • https://git.kernel.org/stable/c/9b344cf6aea0a69c00e19efdc6e02c6d5aae1a23 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52787 – blk-mq: make sure active queue usage is held for bio_integrity_prep()
https://notcve.org/view.php?id=CVE-2023-52787
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep() blk_integrity_unregister() can come if queue usage counter isn't held for one bio with integrity prepared, so this request may be completed with calling profile->complete_fn, then kernel panic. Another constraint is that bio_integrity_prep() needs to be called before bio merge. Fix the issue by: - call bio_integrity_prep() with one queue usage counter grabbed reliabl... • https://git.kernel.org/stable/c/900e080752025f0016128f07c9ed4c50eba3654b •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52786 – ext4: fix racy may inline data check in dio write
https://notcve.org/view.php?id=CVE-2023-52786
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix racy may inline data check in dio write syzbot reports that the following warning from ext4_iomap_begin() triggers as of the commit referenced below: if (WARN_ON_ONCE(ext4_has_inline_data(inode))) return -ERANGE; This occurs during a dio write, which is never expected to encounter an inode with inline data. To enforce this behavior, ext4_dio_write_iter() checks the current inline state of the inode and ... • https://git.kernel.org/stable/c/310ee0902b8d9d0a13a5a13e94688a5863fa29c2 •