CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52768 – wifi: wilc1000: use vmm_table as array in wilc struct
https://notcve.org/view.php?id=CVE-2023-52768
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with vmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4 Write of size 4 at addr c3a61540 by task wlan0-tx/95 KASAN detects that we are writing data beyond range allocated to vmm_table. There is indeed a mismatch between the size passed to allocator in wilc_wlan_init, and the range of poss... • https://git.kernel.org/stable/c/32dd0b22a5ba1dd296ccf2caf46ad44c3a8d5d98 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52767 – tls: fix NULL deref on tls_sw_splice_eof() with empty record
https://notcve.org/view.php?id=CVE-2023-52767
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tls_sw_splice_eof() with empty record syzkaller discovered that if tls_sw_splice_eof() is executed as part of sendfile() when the plaintext/ciphertext sk_msg are empty, the send path gets confused because the empty ciphertext buffer does not have enough space for the encryption overhead. This causes tls_push_record() to go on the `split = true` path (which is only supposed to be used when interacting with an attache... • https://git.kernel.org/stable/c/df720d288dbb1793e82b6ccbfc670ec871e9def4 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52766 – i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
https://notcve.org/view.php?id=CVE-2023-52766
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access will occur from rings->headers[i] access when i >= number of allocated ring headers. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i3c: mipi-i3c-hci: corrige el acceso fuera de los límites en hci_dma_irq_handler. No r... • https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52765 – mfd: qcom-spmi-pmic: Fix revid implementation
https://notcve.org/view.php?id=CVE-2023-52765
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means that it is also bound to a driver, which may not be the case (e.g. due to probe deferral or asynchronous probe). This could trigger a NULL-pointer dereference when attempting to access the driver data of the unbound device. Second,... • https://git.kernel.org/stable/c/e9c11c6e3a0e93903f5a13f8d2f97ae1bba512e1 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52764 – media: gspca: cpia1: shift-out-of-bounds in set_flicker
https://notcve.org/view.php?id=CVE-2023-52764
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the value of the variable "sd->params.exposure.gain" exceeds the number of bits in an integer, a shift-out-of-bounds error is reported. It is triggered because the variable "currentexp" cannot be left-shifted by more... • https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060 • CWE-125: Out-of-bounds Read •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52763 – i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.
https://notcve.org/view.php?id=CVE-2023-52763
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. The `i3c_master_bus_init` function may attach the I2C devices before the I3C bus initialization. In this flow, the DAT `alloc_entry`` will be used before the DAT `init`. Additionally, if the `i3c_master_bus_init` fails, the DAT `cleanup` will execute before the device is detached, which will execue DAT `free_entry` function. The above scenario can cause the driver to us... • https://git.kernel.org/stable/c/39c71357e68e2f03766f9321b9f4882e49ff1442 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52762 – virtio-blk: fix implicit overflow on virtio_max_dma_size
https://notcve.org/view.php?id=CVE-2023-52762
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_t)4G -> (u32)0. Once virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX instead. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: virtio-blk: corrige el desbordamiento implícito en virtio_max_dma_size... • https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b • CWE-121: Stack-based Buffer Overflow •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52761 – riscv: VMAP_STACK overflow detection thread-safe
https://notcve.org/view.php?id=CVE-2023-52761
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe commit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") added support for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to `shadow_stack` temporarily before switching finally to per-cpu `overflow_stack`. If two CPUs/harts are racing and end up in over flowing kernel stack, one or both will end up corrupting each other state because `shadow_stack` is not per-cpu. This pa... • https://git.kernel.org/stable/c/76d2a0493a17d4c8ecc781366850c3c4f8e1a446 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52760 – gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
https://notcve.org/view.php?id=CVE-2023-52760
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for all gfs2_quota_data objects, resulting in use-after-free. Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling gfs2_ma... • https://git.kernel.org/stable/c/7ad4e0a4f61c57c3ca291ee010a9d677d0199fba • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52757 – smb: client: fix potential deadlock when releasing mids
https://notcve.org/view.php?id=CVE-2023-52757
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spinlock. If they don't, then an use-after-free bug would have occurred anyways. By getting rid of such spinlock also fixes a potential deadlock as shown below CPU 0 CPU 1 -----------------------------... • https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29 • CWE-833: Deadlock •