CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52752 – smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
https://notcve.org/view.php?id=CVE-2023-52752
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPT... • https://git.kernel.org/stable/c/558817597d5fbd7af31f891b67b0fd20f0d047b7 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52751 – smb: client: fix use-after-free in smb2_query_info_compound()
https://notcve.org/view.php?id=CVE-2023-52751
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in smb2_query_info_compound() The following UAF was triggered when running fstests generic/072 with KASAN enabled against Windows Server 2022 and mount options 'multichannel,max_channels=2,vers=3.1.1,mfsymlinks,noperm' BUG: KASAN: slab-use-after-free in smb2_query_info_compound+0x423/0x6d0 [cifs] Read of size 8 at addr ffff888014941048 by task xfs_io/27534 CPU: 0 PID: 27534 Comm: xfs_io Not tainted ... • https://git.kernel.org/stable/c/6db94d08359c43f2c8fe372811cdee04564a41b9 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52750 – arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
https://notcve.org/view.php?id=CVE-2023-52750
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly byte-swap NOP when compiling for big-endian, and the resulting series of bytes happened to match the encoding of FNMADD S21, S30, S0, S0. This went unnoticed until commit: 34f66c4c4d5518c1 ("arm64: Use a positive cpucap for FP/SIMD") Prior to that commit, the kernel would always enable the use of FPSI... • https://git.kernel.org/stable/c/d08a1e75253b4e19ae290b1c35349f12cfcebc0a •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52749 – spi: Fix null dereference on suspend
https://notcve.org/view.php?id=CVE-2023-52749
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes. Example order of events leading to the exception: 1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg 2. Spi transfer begins via spi_transfer_one_message() 3. System is suspended interrup... • https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52748 – f2fs: avoid format-overflow warning
https://notcve.org/view.php?id=CVE-2023-52748
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’: fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between 1 and 7 bytes into a region of size between 5 and 8 [-Werror=format-overflow=] 1984 | sprintf(slab_name, "f2fs_page_array_entry-%u:%u", MAJOR(dev), MINOR(dev)); | ^~ ... • https://git.kernel.org/stable/c/31083031709eea6530f0551d59eecdb2e68265ef •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48710 – drm/radeon: fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2022-48710
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. The failure status of drm_cvt_mode() on the other path is checked too. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: corrige una posible desreferencia del pun... • https://git.kernel.org/stable/c/b33f7d99c9226892c7794dc2500fae35966020c9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47432 – lib/generic-radix-tree.c: Don't overflow in peek()
https://notcve.org/view.php?id=CVE-2021-47432
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: lib/generic-radix-tree.c: No se desborda en peek() Cuando comenzamos a distribuir nuevos números de inodos en la mayor parte de... • https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52747 – IB/hfi1: Restore allocated resources on failed copyout
https://notcve.org/view.php?id=CVE-2023-52747
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Restore allocated resources on failed copyout Fix a resource leak if an error occurs. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: IB/hfi1: restaurar los recursos asignados en caso de copia fallida. Reparar una fuga de recursos si se produce un error. • https://git.kernel.org/stable/c/f404ca4c7ea8e650ba09ba87c71c7a89c865d5be •
CVSS: 2.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52746 – xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
https://notcve.org/view.php?id=CVE-2023-52746
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. En el kernel de Linux, se ha resuelto la siguiente vul... • https://git.kernel.org/stable/c/5106f4a8acff480e244300bc5097c0ad7048c3a2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52745 – IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
https://notcve.org/view.php?id=CVE-2023-52745
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to a crash when traffic is sent over the PKEY interface due to the parent having a single queue but the child having multiple queues. This patch fixes the number of queues to 1 for legacy IPoIB at the earliest possi... • https://git.kernel.org/stable/c/d4bf3fcccd188db9f3310d93472041cdefba97bf •