CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52680 – ALSA: scarlett2: Add missing error checks to *_ctl_get()
https://notcve.org/view.php?id=CVE-2023-52680
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: scarlett2: Agregar comprobaciones de errores faltantes a *_ctl_get() Las funciones *_ctl_get() que llaman a scarlett2_update_*() no estaban comprobando el valor de ... • https://git.kernel.org/stable/c/9e4d5c1be21f0c00e747e92186784f3298309b3e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52679 – of: Fix double free in of_parse_phandle_with_args_map
https://notcve.org/view.php?id=CVE-2023-52679
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assi... • https://git.kernel.org/stable/c/bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52678 – drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c
https://notcve.org/view.php?id=CVE-2023-52678
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the below: drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1347 kfd_create_indirect_link_prop() warn: can 'gpu_link' even be NULL? drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1428 kfd_add_peer_prop() warn: can 'iolink1' even ... • https://git.kernel.org/stable/c/0f28cca87e9afc22280c44d378d2a6e249933977 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52677 – riscv: Check if the code to patch lies in the exit section
https://notcve.org/view.php?id=CVE-2023-52677
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: Check if the code to patch lies in the exit section Otherwise we fall through to vmalloc_to_page() which panics since the address does not lie in the vmalloc region. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: compruebe si el código a parchear se encuentra en la sección de salida. De lo contrario, caeremos en vmalloc_to_page(), lo que entra en pánico ya que la dirección no se encuentra en la región vma... • https://git.kernel.org/stable/c/043cb41a85de1c0e944da61ad7a264960e22c865 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52676 – bpf: Guard stack limits against 32bit overflow
https://notcve.org/view.php?id=CVE-2023-52676
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in ... • https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52675 – powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
https://notcve.org/view.php?id=CVE-2023-52675
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/imc-pmu: agregue una verificación de puntero null en update_events_in_group() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. • https://git.kernel.org/stable/c/885dcd709ba9120b9935415b8b0f9d1b94e5826b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52674 – ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()
https://notcve.org/view.php?id=CVE-2023-52674
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_values[]. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: scarlett2: Add clamp() en scarlett2_mixer_ctl_put() Asegúrese de que el valor pasado a scarlett2_mixer_ctl_put() esté entre 0 y SCARLETT2_MIXER_MAX_VAL... • https://git.kernel.org/stable/c/9e4d5c1be21f0c00e747e92186784f3298309b3e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35838 – wifi: mac80211: fix potential sta-link leak
https://notcve.org/view.php?id=CVE-2024-35838
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet (e.g. during connection to an AP MLD), we might remove the station without ever marking links valid, and leak them. Fix that. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: corrige una posible fuga de sta-link Cuando se asigna una estación, los enlaces se agregan pero aún no se configuran co... • https://git.kernel.org/stable/c/cb71f1d136a635decf43c3b502ee34fb05640fcd •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35837 – net: mvpp2: clear BM pool before initialization
https://notcve.org/view.php?id=CVE-2024-35837
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: mvpp2: borre el grupo de BM antes de la inicialización. El valor del registro persiste después de iniciar el kernel usando kexec, lo que genera pánico en el kern... • https://git.kernel.org/stable/c/3f518509dedc99f0b755d2ce68d24f610e3a005a •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35836 – dpll: fix pin dump crash for rebound module
https://notcve.org/view.php?id=CVE-2024-35836
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module whi... • https://git.kernel.org/stable/c/9d71b54b65b1fb6c0d3a6c5c88ba9b915c783fbc •