CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52615 – hwrng: core - Fix page fault dead lock on mmap-ed hwrng
https://notcve.org/view.php?id=CVE-2023-52615
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwrng: core: soluciona el bloqueo de falla de ... • https://git.kernel.org/stable/c/9996508b3353063f2d6c48c1a28a84543d72d70b • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52614 – PM / devfreq: Fix buffer overflow in trans_stat_show
https://notcve.org/view.php?id=CVE-2023-52614
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. • https://git.kernel.org/stable/c/e552bbaf5b987f57c43e6981a452b8a3c700b1ae • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-26633 – ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
https://notcve.org/view.php?id=CVE-2024-26633
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/i... • https://git.kernel.org/stable/c/fbfa743a9d2a0ffa24251764f10afc13eb21e739 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26632 – block: Fix iterating over an empty bio with bio_for_each_folio_all
https://notcve.org/view.php?id=CVE-2024-26632
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio() to bio_first_folio(). [axboe: add unlikely() to error case] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bloque: corrige la iteración sobre una biografía vacía con bio_for_each_folio_all S... • https://git.kernel.org/stable/c/640d1930bef4f87ec8d8d2b05f0f6edc1dfcf662 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26631 – ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
https://notcve.org/view.php?id=CVE-2024-26631
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with mutex_lock() and mutex_unlock() accordingly as these functions should only be called with mc_lock per their declarations. [1] BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work writ... • https://git.kernel.org/stable/c/2d9a93b4902be6a5504b5941dd15e9cd776aadca • CWE-414: Missing Lock Check •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52612 – crypto: scomp - fix req->dst buffer overflow
https://notcve.org/view.php?id=CVE-2023-52612
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: scomp - corrige el desbordamiento del búfer req->dst. El tamaño del búfer req->dst debe verificarse antes de copiar desde scomp_scratch->dst para evitar el problema de desbordamiento del... • https://git.kernel.org/stable/c/1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52610 – net/sched: act_ct: fix skb leak and crash on ooo frags
https://notcve.org/view.php?id=CVE-2023-52610
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph which is not straightforward. However when frags arrive out of order, nobody unref the last frag, and all frags are leaked. The situation is even worse, as initiating packet capture can lead to a crash[0] when skb has been cloned and shared at... • https://git.kernel.org/stable/c/b57dc7c13ea90e09ae15f821d2583fa0231b4935 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52609 – binder: fix race between mmput() and do_exit()
https://notcve.org/view.php?id=CVE-2023-52609
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task B do_exit() and the final mmput() refcount decrement will come from Task A. Task A | Task B ------------------+------------------ mmget_not_zero() | | do_exit() | exit_mm() | mmput() mmput() | exit_mma... • https://git.kernel.org/stable/c/457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-26629 – nfsd: fix RELEASE_LOCKOWNER
https://notcve.org/view.php?id=CVE-2024-26629
13 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for nfsd4_release_lockowner(), the test on so_count can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux N... • https://git.kernel.org/stable/c/3097f38e91266c7132c3fdb7e778fac858c00670 • CWE-393: Return of Wrong Status Code •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52608 – firmware: arm_scmi: Check mailbox/SMT channel for consistency
https://notcve.org/view.php?id=CVE-2023-52608
13 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Check mailbox/SMT channel for consistency On reception of a completion interrupt the shared memory area is accessed to retrieve the message header at first and then, if the message sequence number identifies a transaction which is still pending, the related payload is fetched too. When an SCMI command times out the channel ownership remains with the platform until eventually a late reply is received and, as a consequence... • https://git.kernel.org/stable/c/5c8a47a5a91d4d6e185f758d61997613d9c5d6ac •