CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52464 – EDAC/thunderx: Fix possible out-of-bounds string access
https://notcve.org/view.php?id=CVE-2023-52464
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr': drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=] 1136 | strncat(msg, other, OCX_MESSAGE_SIZE); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~... • https://git.kernel.org/stable/c/41003396f932d7f027725c7acebb6a7caa41dc3e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52463 – efivarfs: force RO when remounting if SetVariable is not supported
https://notcve.org/view.php?id=CVE-2023-52463
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can call that. However, we never check the permission flags when someone remounts the filesystem as RW. As a result this leads to a crash looking like this: $ mount -o remount,rw /sys/firmware/efi/efivars $ efi-updatevar... • https://git.kernel.org/stable/c/f88814cc2578c121e6edef686365036db72af0ed • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52458 – block: add check that partition length needs to be aligned with block size
https://notcve.org/view.php?id=CVE-2023-52458
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block size of the disk is larger than 512 bytes, then the partition size maybe not the multiple of the logical block size, and when the last sector is read, bio_truncate() will adjust the bio size, resulting in an IO error i... • https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52457 – serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
https://notcve.org/view.php?id=CVE-2023-52457
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This will be ignored. and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250_unregister_port() has the potential to keep enough of the UART around to tri... • https://git.kernel.org/stable/c/2d66412563ef8953e2bac2d98d2d832b3f3f49cd • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52456 – serial: imx: fix tx statemachine deadlock
https://notcve.org/view.php?id=CVE-2023-52456
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TX_EN pin. When the TTY port is closed in the middle of a transmission (for instance during userland application crash), imx_uart_shutdown disables the interface and disables the Transmission Complete interrupt. afer that, imx_uart_stop_tx bails on an incomplete transmission, t... • https://git.kernel.org/stable/c/cb1a609236096c278ecbfb7be678a693a70283f1 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52454 – nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
https://notcve.org/view.php?id=CVE-2023-52454
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp] Call trace: process_one_work+0x174/0x3c8 worker_thread+0x2d0/0x3e8 kthread+0x104/0x110 Fix the bug by raising a fatal error if ... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26593 – i2c: i801: Fix block process call transactions
https://notcve.org/view.php?id=CVE-2024-26593
23 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read. En el kernel de Linux, se ha resuelto la siguiente... • https://git.kernel.org/stable/c/315cd67c945351f8a569500f8ab16b7fa94026e8 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52452 – bpf: Fix accesses to uninit stack slots
https://notcve.org/view.php?id=CVE-2023-52452
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory (ever since 6715df8d5) but, before this patch, these accesses were permitted inconsistently. In particular, accesses were permitted above state->allocated_stack, but not below it. In other words, if the stack was already "large enough", the access was permitted, but otherwise the access was rejected instead of being allowed... • https://git.kernel.org/stable/c/01f810ace9ed37255f27608a0864abebccf0aab3 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52451 – powerpc/pseries/memhp: Fix access beyond end of drmem array
https://notcve.org/view.php?id=CVE-2023-52451
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails, the cursor is left pointing to &drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the last valid entry in the array. The debug message at the end of the function then dereferences this pointer: ... • https://git.kernel.org/stable/c/51925fb3c5c901aa06cdc853268a6e19e19bcdc7 • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52449 – mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
https://notcve.org/view.php?id=CVE-2023-52449
22 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read(). ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_... • https://git.kernel.org/stable/c/2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba • CWE-476: NULL Pointer Dereference •