CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52691 – drm/amd/pm: fix a double-free in si_dpm_init
https://notcve.org/view.php?id=CVE-2023-52691
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the control flow returns to si_dpm_sw_init, it goes to label dpm_failed and calls si_dpm_fini, which calls amdgpu_free_extended_power_table again and free those fields again. Thus a double-free is triggered. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: corrige una double free en si_dpm_init Cuando fallo la asignación de adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries, se llama a amdgpu_free_extended_power_table para liberar algunos campos de adev. Sin embargo, cuando el flujo de control regresa a si_dpm_sw_init, va a la etiqueta dpm_failed y llama a si_dpm_fini, que llama a amdgpu_free_extended_power_table nuevamente y libera esos campos nuevamente. De este modo se activa un double free. • https://git.kernel.org/stable/c/841686df9f7d2942cfd94d024b8591fa3f74ef7c https://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0 https://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706 https://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4 https://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334 https://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2 https://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9 https://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52690 – powerpc/powernv: Add a null pointer check to scom_debug_init_one()
https://notcve.org/view.php?id=CVE-2023-52690
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to avoid memory leaks. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: agregue una verificación de puntero null a scom_debug_init_one() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. Agregue una verificación de puntero null y suelte 'ent' para evitar pérdidas de memoria. • https://git.kernel.org/stable/c/bfd2f0d49aef8abfe6bf58f12719f39912993cc6 https://git.kernel.org/stable/c/f84c1446daa552e9699da8d1f8375eac0f65edc7 https://git.kernel.org/stable/c/1eefa93faf69188540b08b024794fa90b1d82e8b https://git.kernel.org/stable/c/2a82c4439b903639e0a1f21990cd399fb0a49c19 https://git.kernel.org/stable/c/ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2 https://git.kernel.org/stable/c/dd8422ff271c22058560832fc3006324ded895a9 https://git.kernel.org/stable/c/a9c05cbb6644a2103c75b6906e9dafb9981ebd13 https://git.kernel.org/stable/c/9a260f2dd827bbc82cc60eb4f4d8c2270 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52686 – powerpc/powernv: Add a null pointer check in opal_event_init()
https://notcve.org/view.php?id=CVE-2023-52686
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: añadir una verificación de puntero nulo en opal_event_init() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. • https://git.kernel.org/stable/c/2717a33d60745f2f72e521cdaedf79b00f66f8ca https://git.kernel.org/stable/c/8422d179cf46889c15ceff9ede48c5bfa4e7f0b4 https://git.kernel.org/stable/c/e93d7cf4c1ddbcd846739e7ad849f955a4f18031 https://git.kernel.org/stable/c/e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf https://git.kernel.org/stable/c/c0b111ea786ddcc8be0682612830796ece9436c7 https://git.kernel.org/stable/c/9a523e1da6d88c2034f946adfa4f74b236c95ca9 https://git.kernel.org/stable/c/a14c55eb461d630b836f80591d8caf1f74e62877 https://git.kernel.org/stable/c/e08c2e275fa1874de945b87093f925997 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52683 – ACPI: LPIT: Avoid u32 multiplication overflow
https://notcve.org/view.php?id=CVE-2023-52683
In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ACPI: LPIT: Evitar desbordamiento de multiplicación u32 En lpit_update_residency() existe la posibilidad de desbordamiento en la multiplicación, si tsc_khz es lo suficientemente grande (> UINT_MAX/1000). Cambie la multiplicación a mul_u32_u32(). Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/eeb2d80d502af28e5660ff4bbe00f90ceb82c2db https://git.kernel.org/stable/c/647d1d50c31e60ef9ccb9756a8fdf863329f7aee https://git.kernel.org/stable/c/6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad https://git.kernel.org/stable/c/f39c3d578c7d09a18ceaf56750fc7f20b02ada63 https://git.kernel.org/stable/c/c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1 https://git.kernel.org/stable/c/72222dfd76a79d9666ab3117fcdd44ca8cd0c4de https://git.kernel.org/stable/c/d1ac288b2742aa4af746c5613bac71760fadd1c4 https://git.kernel.org/stable/c/b7aab9d906e2e252a7783f872406033ec •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52680 – ALSA: scarlett2: Add missing error checks to *_ctl_get()
https://notcve.org/view.php?id=CVE-2023-52680
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: scarlett2: Agregar comprobaciones de errores faltantes a *_ctl_get() Las funciones *_ctl_get() que llaman a scarlett2_update_*() no estaban comprobando el valor de retorno. Corrija para verificar el valor de retorno y pasarlo a la persona que llama. • https://git.kernel.org/stable/c/9e4d5c1be21f0c00e747e92186784f3298309b3e https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51 https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43 https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3 https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3 https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e •