CVE-2023-52864 – platform/x86: wmi: Fix opening of char device
https://notcve.org/view.php?id=CVE-2023-52864
In the Linux kernel, the following vulnerability has been resolved:

platform/x86: wmi: Fix opening of char device

Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that private_data will not be NULL when wmi_char_open() is called. This might cause memory corruption should wmi_char_open() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmi_free_devices().

Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using container_of(). This also avoids wmi_char_open() picking a wrong WMI device bound to a driver with the same name as the original driver.

• https://git.kernel.org/stable/c/44b6b7661132b1b0e5fd3147ded66f1e4a817ca9
https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6
https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203
https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453
https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097
https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e
https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e
https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835e
• CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CVE-2023-52863 – hwmon: (axi-fan-control) Fix possible NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-52863
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (axi-fan-control) Fix possible NULL pointer dereference

axi_fan_control_irq_handler(), dependent on the private axi_fan_control_data structure, might be called before the hwmon device is registered. That will cause an "Unable to handle kernel NULL pointer dereference" error.

• https://git.kernel.org/stable/c/8412b410fa5e1e494a0fec84c3c462d49870d3f5
https://git.kernel.org/stable/c/7d870088db4863c514a7f8751cd593751983029a
https://git.kernel.org/stable/c/b3e7eb23a6e97642ff3190431c06475d9ca1e062
https://git.kernel.org/stable/c/33de53a2706066d526173dc743faf43d92c62105
https://git.kernel.org/stable/c/f62b8969847850ba7596cb145cc47c65ea57dae0
https://git.kernel.org/stable/c/c49f14cc1bb12c625a1c572e8a95b6adefd4d8eb
https://git.kernel.org/stable/c/2a5b3370a1d9750eca325292e291c8c7cb8cf2e0

CVE-2023-52862 – drm/amd/display: Fix null pointer dereference in error message
https://notcve.org/view.php?id=CVE-2023-52862
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix null pointer dereference in error message

This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original message includes the DC version number, which is undefined if the DC is not initialized.

• https://git.kernel.org/stable/c/9788d087caffd8358d6e14349ee69d9385666719
https://git.kernel.org/stable/c/97ef07182ac46b069bb5e7d46cb903a764d67898
https://git.kernel.org/stable/c/8b72c5d4a5d25e76b16283397c40b8b3c0d70019
https://git.kernel.org/stable/c/0c3601a2fbfb265ce283651480e30c8e60459112

CVE-2023-52861 – drm: bridge: it66121: Fix invalid connector dereference
https://notcve.org/view.php?id=CVE-2023-52861
In the Linux kernel, the following vulnerability has been resolved:

drm: bridge: it66121: Fix invalid connector dereference

Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as the EDID information to the sound framework if there is no connector attached.

• https://git.kernel.org/stable/c/e0fd83dbe92426e4f09b01111d260d2a7dc72fdb
https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331
https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc
https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86
https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd
• CWE-476: NULL Pointer Dereference

CVE-2023-52860 – drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process
https://notcve.org/view.php?id=CVE-2023-52860
In the Linux kernel, the following vulnerability has been resolved:

drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process

When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplug callbacks after the device has been unregistered, leading to fireworks when we try to execute empty function callbacks within the driver:

| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
| CPU: 0 PID: 15 Comm: cpuhp/0 Tainted: G W O 5.12.0-rc4+ #1
| Hardware name: , BIOS KpxxxFPGA 1P B600 V143 04/22/2021
| pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
| pc : perf_pmu_migrate_context+0x98/0x38c
| lr : perf_pmu_migrate_context+0x94/0x38c
|
| Call trace:
| perf_pmu_migrate_context+0x98/0x38c
| hisi_hns3_pmu_offline_cpu+0x104/0x12c [hisi_hns3_pmu]

Use cpuhp_state_remove_instance_nocalls() instead of cpuhp_state_remove_instance() so that the notifiers don't execute after the PMU device has been unregistered.

[will: Rewrote commit message]

• https://git.kernel.org/stable/c/66637ab137b44914356a9dc7a9b3f8ebcf0b0695
https://git.kernel.org/stable/c/4589403a343bb0c72a6faf5898386ff964d4e01a
https://git.kernel.org/stable/c/3f5827371763f2d9c70719c270055a81d030f3d0
https://git.kernel.org/stable/c/d04ff5437a45f275db5530efb49b68d0ec851f6f
https://git.kernel.org/stable/c/50b560783f7f71790bcf70e9e9855155fb0af8c1