CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52693 – ACPI: video: check for error while searching for backlight device parent
https://notcve.org/view.php?id=CVE-2023-52693
In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_get_parent), this can lead to incorrect (uninitialized) acpi_parent handle being passed to acpi_get_pci_dev() for detecting the parent pci device. Check acpi_get_parent() result and set parent device only in case of success. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: vídeo: comprueba si hay errores al buscar el dispositivo de retroiluminación principal. Si la llamada acpi_get_parent() en acpi_video_dev_register_backlight() fallo, por ejemplo, porque acpi_ut_acquire_mutex() fallo dentro de acpi_get_parent), esto puede provocar que se pase el identificador acpi_parent incorrecto (no inicializado) a acpi_get_pci_dev() para detectar el dispositivo pci principal. Verifique el resultado de acpi_get_parent() y configure el dispositivo principal solo en caso de éxito. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/9661e92c10a9775243c1ecb73373528ed8725a10 https://git.kernel.org/stable/c/556f02699d33c1f40b1b31bd25828ce08fa165d8 https://git.kernel.org/stable/c/1e3a2b9b4039bb4d136dca59fb31e06465e056f3 https://git.kernel.org/stable/c/c4e1a0ef0b4782854c9b77a333ca912b392bed2f https://git.kernel.org/stable/c/3a370502a5681986f9828e43be75ce26c6ab24af https://git.kernel.org/stable/c/2124c5bc22948fc4d09a23db4a8acdccc7d21e95 https://git.kernel.org/stable/c/39af144b6d01d9b40f52e5d773e653957e6c379c https://git.kernel.org/stable/c/72884ce4e10417b1233b614bf134da852 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52692 – ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()
https://notcve.org/view.php?id=CVE-2023-52692
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result. Return the error if it fails rather than continuing with an invalid value. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ALSA: scarlett2: Añadida verificación de error faltante a scarlett2_usb_set_config() scarlett2_usb_set_config() llama a scarlett2_usb_get() pero no verifica el resultado. Devuelve el error si fallo en lugar de continuar con un valor no válido. • https://git.kernel.org/stable/c/9e15fae6c51a362418f8b3054f1322c54675df94 https://git.kernel.org/stable/c/51d5697e1c0380d482c3eab002bfc8d0be177e99 https://git.kernel.org/stable/c/be96acd3eaa790d10a5b33e65267f52d02f6ad88 https://git.kernel.org/stable/c/996fde492ad9b9563ee483b363af40d7696a8467 https://git.kernel.org/stable/c/145c5aa51486171025ab47f35cff34bff8d0cea3 https://git.kernel.org/stable/c/ca459dfa7d4ed9098fcf13e410963be6ae9b6bf3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52691 – drm/amd/pm: fix a double-free in si_dpm_init
https://notcve.org/view.php?id=CVE-2023-52691
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the control flow returns to si_dpm_sw_init, it goes to label dpm_failed and calls si_dpm_fini, which calls amdgpu_free_extended_power_table again and free those fields again. Thus a double-free is triggered. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: corrige una double free en si_dpm_init Cuando fallo la asignación de adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries, se llama a amdgpu_free_extended_power_table para liberar algunos campos de adev. Sin embargo, cuando el flujo de control regresa a si_dpm_sw_init, va a la etiqueta dpm_failed y llama a si_dpm_fini, que llama a amdgpu_free_extended_power_table nuevamente y libera esos campos nuevamente. De este modo se activa un double free. • https://git.kernel.org/stable/c/841686df9f7d2942cfd94d024b8591fa3f74ef7c https://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0 https://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706 https://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4 https://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334 https://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2 https://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9 https://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52690 – powerpc/powernv: Add a null pointer check to scom_debug_init_one()
https://notcve.org/view.php?id=CVE-2023-52690
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to avoid memory leaks. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: agregue una verificación de puntero null a scom_debug_init_one() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. Agregue una verificación de puntero null y suelte 'ent' para evitar pérdidas de memoria. • https://git.kernel.org/stable/c/bfd2f0d49aef8abfe6bf58f12719f39912993cc6 https://git.kernel.org/stable/c/f84c1446daa552e9699da8d1f8375eac0f65edc7 https://git.kernel.org/stable/c/1eefa93faf69188540b08b024794fa90b1d82e8b https://git.kernel.org/stable/c/2a82c4439b903639e0a1f21990cd399fb0a49c19 https://git.kernel.org/stable/c/ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2 https://git.kernel.org/stable/c/dd8422ff271c22058560832fc3006324ded895a9 https://git.kernel.org/stable/c/a9c05cbb6644a2103c75b6906e9dafb9981ebd13 https://git.kernel.org/stable/c/9a260f2dd827bbc82cc60eb4f4d8c2270 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52686 – powerpc/powernv: Add a null pointer check in opal_event_init()
https://notcve.org/view.php?id=CVE-2023-52686
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: añadir una verificación de puntero nulo en opal_event_init() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. • https://git.kernel.org/stable/c/2717a33d60745f2f72e521cdaedf79b00f66f8ca https://git.kernel.org/stable/c/8422d179cf46889c15ceff9ede48c5bfa4e7f0b4 https://git.kernel.org/stable/c/e93d7cf4c1ddbcd846739e7ad849f955a4f18031 https://git.kernel.org/stable/c/e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf https://git.kernel.org/stable/c/c0b111ea786ddcc8be0682612830796ece9436c7 https://git.kernel.org/stable/c/9a523e1da6d88c2034f946adfa4f74b236c95ca9 https://git.kernel.org/stable/c/a14c55eb461d630b836f80591d8caf1f74e62877 https://git.kernel.org/stable/c/e08c2e275fa1874de945b87093f925997 •