CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52492 – dmaengine: fix NULL pointer in channel unregistration function
https://notcve.org/view.php?id=CVE-2023-52492
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer: [ 1.318693] Unable to handle kernel NULL pointer deref... • https://git.kernel.org/stable/c/d2fb0a0438384fee08a418025f743913020033ce • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52491 – media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
https://notcve.org/view.php?id=CVE-2023-52491
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeout_work. In mtk_jpeg_dec_device_run, if error happens in mtk_jpeg_set_dec_dst, it will finally start the worker while mark the job as finished by invoking v4l2_m2m_job_finish. There are two methods to trigger the bug. If we remove the module, it which will call mtk_jpeg_remo... • https://git.kernel.org/stable/c/b2f0d2724ba477d326e9d654d4db1c93e98f8b93 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52490 – mm: migrate: fix getting incorrect page mapping during page migration
https://notcve.org/view.php?id=CVE-2023-52490
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : dentry_name+0xd8/0x224 lr : pointer+0x22c/0x370 sp : ffff800025f134c0 ...... Call trace: dentry_name+0xd8/0x224 pointer+0x22c/0x370 vsnprintf+0x1ec/0x730 vscnprintf+0x2c/0x60 vprintk_store+0x70/0x234 vprin... • https://git.kernel.org/stable/c/64c8902ed4418317cd416c566f896bd4a92b2efc • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52489 – mm/sparsemem: fix race in accessing memory_section->usage
https://notcve.org/view.php?id=CVE-2023-52489
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end pfn contains the device memory PFN's as well, the compaction triggered will try on the device memory PFN's too though they end up in NOP(because pfn_to_online_page() returns ... • https://git.kernel.org/stable/c/f46edbd1b1516da1fb34c917775168d5df576f78 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52488 – serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
https://notcve.org/view.php?id=CVE-2023-52488
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent ($00), followed by all the FIFO data without having to resend the register address each time. In this mode, the IC doesn't increment the register address for each R/W byte. The regmap_raw_read() and regmap_raw_write() are functions which can perform IO over multiple ... • https://git.kernel.org/stable/c/dfeae619d781dee61666d5551b93ba3be755a86b •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52487 – net/mlx5e: Fix peer flow lists handling
https://notcve.org/view.php?id=CVE-2023-52487
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix peer flow lists handling The cited change refactored mlx5e_tc_del_fdb_peer_flow() to only clear DUP flag when list of peer flows has become empty. However, if any concurrent user holds a reference to a peer flow (for example, the neighbor update workqueue task is updating peer flow's parent encap entry concurrently), then the flow will not be removed from the peer list and, consecutively, DUP flag will remain set. Since mlx5e... • https://git.kernel.org/stable/c/9be6c21fdcf8a7ec48262bb76f78c17ac2761ac6 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52486 – drm: Don't unref the same fb many times by mistake due to deadlock handling
https://notcve.org/view.php?id=CVE-2023-52486
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref the fb and then retry the whole thing from the top. But we forget to reset the fb pointer back to NULL, and so if we then get another error during the retry, before the fb lookup, we proceed the unref the same fb again without having gotten another reference. The end result is... • https://git.kernel.org/stable/c/376e21a9e4c2c63ee5d8d3aa74be5082c3882229 • CWE-833: Deadlock •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52485 – drm/amd/display: Wake DMCUB before sending a command
https://notcve.org/view.php?id=CVE-2023-52485
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command [Why] We can hang in place trying to send commands when the DMCUB isn't powered on. [How] For functions that execute within a DC context or DC lock we can wrap the direct calls to dm_execute_dmub_cmd/list with code that exits idle power optimizations and reallows once we're done with the command submission on success. For DM direct submissions the DM will need to manage the enter/exit seq... • https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26607 – drm/bridge: sii902x: Fix probing race issue
https://notcve.org/view.php?id=CVE-2024-26607
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x] [ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm] [ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper] [ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_hel... • https://git.kernel.org/stable/c/21d808405fe49028036932dd969920f4fee4f481 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52484 – iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
https://notcve.org/view.php?id=CVE-2023-52484
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range When running an SVA case, the following soft lockup is triggered: -------------------------------------------------------------------- watchdog: BUG: soft lockup - CPU#244 stuck for 26s! pstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50 lr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50 sp : ffff8000d83ef290 x29:... • https://git.kernel.org/stable/c/f5a604757aa8e37ea9c7011dc9da54fa1b30f29b •