CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52631 – fs/ntfs3: Fix an NULL dereference bug
https://notcve.org/view.php?id=CVE-2023-52631
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can overflow and the result is zero. This means that the kmalloc will succeed by returning the ZERO_SIZE_PTR and then the memcpy() will crash with an Oops on the next line. En el kernel de Linux, se resolvió la ... • https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26656 – drm/amdgpu: fix use-after-free bug
https://notcve.org/view.php?id=CVE-2024-26656
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26654 – ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
https://notcve.org/view.php?id=CVE-2024-26654
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel will be deallocated. But it could still be dereferenced in the worker thread. The reason is that del_timer() will return directly regardless of whether the timer handler is running or not and the worker could... • https://git.kernel.org/stable/c/198de43d758ca2700e2b52b49c0b189b4931466c •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26652 – net: pds_core: Fix possible double free in error handling path
https://notcve.org/view.php?id=CVE-2024-26652
27 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened. En el kernel de Linux, se resolvió la sigui... • https://git.kernel.org/stable/c/4569cce43bc61e4cdd76597a1cf9b608846c18cc •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26651 – sr9800: Add check for usbnet_get_endpoints
https://notcve.org/view.php?id=CVE-2024-26651
27 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sr9800: Agregar verificación para usbnet_get_endpoints Agregar verificación para usbnet_get_endpoints() y devolver el error si falla para transferir el error. In the Linux kernel, the following vulnerability has been resolved: sr9800: ... • https://git.kernel.org/stable/c/19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26649 – drm/amdgpu: Fix the null pointer when load rlc firmware
https://notcve.org/view.php?id=CVE-2024-26649
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige el puntero nulo al cargar el firmware rlc. Si el firmware RLC no es válido debido... • https://git.kernel.org/stable/c/3da9b71563cbb7281875adab1d7c4132679da987 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26648 – drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
https://notcve.org/view.php?id=CVE-2024-26648
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933) En el kernel de Linux, se resolvió la sigu... • https://git.kernel.org/stable/c/22ae604aea14756954e1c00ae653e34d2afd2935 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26647 – drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'
https://notcve.org/view.php?id=CVE-2024-26647
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903) En el kernel de Linux, se resolvió... • https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c •
CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26646 – thermal: intel: hfi: Add syscore callbacks for system-wide PM
https://notcve.org/view.php?id=CVE-2024-26646
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains constant throughout runtime. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location as part of a normal boot. The location of the sec... • https://git.kernel.org/stable/c/28f010dc50df0f7987c04112114fcfa7e0803566 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52627 – iio: adc: ad7091r: Allow users to configure device events
https://notcve.org/view.php?id=CVE-2023-52627
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user space when ADC readings fall bellow the thresholds of low limit registers or above the values set in high limit registers. However, to configure iio events and their thresholds, a set of callback functions must be implemented and those we... • https://git.kernel.org/stable/c/ca69300173b642ba64118200172171ea5967b6c5 •