CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52839 – drivers: perf: Do not broadcast to other cpus when starting a counter
https://notcve.org/view.php?id=CVE-2023-52839
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: [ 444.364395] WARNING: CPU: 0 PID: 104 at kernel/smp.c:775 smp_call_function_many_cond+0x42c/0x436 [ 444.364515] Modules linked in: [ 444.364657] CPU: 0 PID: 104 Comm: perf-exec Not tainted 6.6.0-rc6-00051-g391df82e8ec3-dirty... • https://git.kernel.org/stable/c/3fec323339a4a9801a54e8b282eb571965b67b23 •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2023-52838 – fbdev: imsttfb: fix a resource leak in probe
https://notcve.org/view.php?id=CVE-2023-52838
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to call iounmap(par->cmap_regs). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fbdev: imsttfb: corrige una fuga de recursos en la sonda. He reescrito el manejo de errores, pero el error es que si init_imstt() falla, debemos llamar a iounmap(par-> cmap_regs). In the Linux kernel, the following... • https://git.kernel.org/stable/c/7f683f286a2196bd4d2da420a3194f5ba0269d8c • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52837 – nbd: fix uaf in nbd_open
https://notcve.org/view.php?id=CVE-2023-52837
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered in nbd_open() if someone tries to open nbd device right after nbd_put() since nbd has been free in nbd_dev_remove(). Fix this by implementing ->free_disk and free private data in it. En el kernel de Linux, se resolvió la siguiente vul... • https://git.kernel.org/stable/c/4af5f2e0301311f88c420fcfc5f3c8611ade20ac • CWE-416: Use After Free •
CVSS: 0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52836 – locking/ww_mutex/test: Fix potential workqueue corruption
https://notcve.org/view.php?id=CVE-2023-52836
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: locking/ww_mutex/test: Fix potential workqueue corruption In some cases running with the test-ww_mutex code, I was seeing odd behavior where sometimes it seemed flush_workqueue was returning before all the work threads were finished. Often this would cause strange crashes as the mutexes would be freed while they were being used. Looking at the code, there is a lifetime problem as the controlling thread that spawns the work allocates the "st... • https://git.kernel.org/stable/c/d4d37c9e6a4dbcca958dabd99216550525c7e389 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52835 – perf/core: Bail out early if the request AUX area is out of bound
https://notcve.org/view.php?id=CVE-2023-52835
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Bail out early if the request AUX area is out of bound When perf-record with a large AUX area, e.g 4GB, it fails with: #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1 failed to mmap with 12 (Cannot allocate memory) and it reveals a WARNING with __alloc_pages(): ------------[ cut here ]------------ WARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248 Call trace: __alloc_pages+0x1ec/0x248 __kmalloc_large... • https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f • CWE-125: Out-of-bounds Read •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52834 – atl1c: Work around the DMA RX overflow issue
https://notcve.org/view.php?id=CVE-2023-52834
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX overflow issue"). The alx and atl1c drivers had RX overflow error which was why a custom allocator was created to avoid certain addresses. The simpler workaround then created for alx driver, but not for atl1c due to lack of tester. Instead of using a custom allocator, check the allocated skb address and use skb_res... • https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52833 – Bluetooth: btusb: Add date->evt_skb is NULL check
https://notcve.org/view.php?id=CVE-2023-52833
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Add date->evt_skb is NULL check fix crash because of null pointers [ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8 [ 6104.969667] #PF: supervisor read access in kernel mode [ 6104.969668] #PF: error_code(0x0000) - not-present page [ 6104.969670] PGD 0 P4D 0 [ 6104.969673] Oops: 0000 [#1] SMP NOPTI [ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb] [ 6104.969688] RSP: 0018:fff... • https://git.kernel.org/stable/c/9f8e4d1a4ca1179aaeb43f91f3e2a386e7e616b3 • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52832 – wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
https://notcve.org/view.php?id=CVE-2023-52832
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 * 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dump_stack+0x74/0x92 ubsan_epilogue+0x9/0x50 handle_overflow+0x8d/... • https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f • CWE-190: Integer Overflow or Wraparound CWE-920: Improper Restriction of Power Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52831 – cpu/hotplug: Don't offline the last non-isolated CPU
https://notcve.org/view.php?id=CVE-2023-52831
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARN_ON() when rebuilding the scheduler domains and a subsequent panic due to and unhandled empty CPU mas in partition_sched_domains_locked(). cpuset_hotplug_workfn() rebuild_sched_domains_locked() ndoms = generate_sched_domains(&doms, &attr); cpu... • https://git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52829 – wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()
https://notcve.org/view.php?id=CVE-2023-52829
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id is extracted from WMI event and could be an unexpected value in case some errors happen. As a result out-of-bound write may occur to soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it. This is found during code review. Compile tested only. • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 • CWE-787: Out-of-bounds Write •