CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52749 – spi: Fix null dereference on suspend
https://notcve.org/view.php?id=CVE-2023-52749
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes. Example order of events leading to the exception: 1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg 2. Spi transfer begins via spi_transfer_one_message() 3. System is suspended interrupting t... • https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52748 – f2fs: avoid format-overflow warning
https://notcve.org/view.php?id=CVE-2023-52748
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’: fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between 1 and 7 bytes into a region of size between 5 and 8 [-Werror=format-overflow=] 1984 | sprintf(slab_name, "f2fs_page_array_entry-%u:%u", MAJOR(dev), MINOR(dev)); | ^~ String "f2fs_page_array_entry-%u:%u" can up to 35. The first... • https://git.kernel.org/stable/c/31083031709eea6530f0551d59eecdb2e68265ef •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48710 – drm/radeon: fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2022-48710
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. The failure status of drm_cvt_mode() on the other path is checked too. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: corrige una posible desreferencia del punter... • https://git.kernel.org/stable/c/b33f7d99c9226892c7794dc2500fae35966020c9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47432 – lib/generic-radix-tree.c: Don't overflow in peek()
https://notcve.org/view.php?id=CVE-2021-47432
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: lib/generic-radix-tree.c: No se desborda en peek() Cuando comenzamos a distribuir nuevos números de inodos en la mayor parte del ... • https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52747 – IB/hfi1: Restore allocated resources on failed copyout
https://notcve.org/view.php?id=CVE-2023-52747
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Restore allocated resources on failed copyout Fix a resource leak if an error occurs. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: IB/hfi1: restaurar los recursos asignados en caso de copia fallida. Reparar una fuga de recursos si se produce un error. • https://git.kernel.org/stable/c/f404ca4c7ea8e650ba09ba87c71c7a89c865d5be •
CVSS: 2.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52746 – xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
https://notcve.org/view.php?id=CVE-2023-52746
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm/compat: ... • https://git.kernel.org/stable/c/5106f4a8acff480e244300bc5097c0ad7048c3a2 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52745 – IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
https://notcve.org/view.php?id=CVE-2023-52745
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to a crash when traffic is sent over the PKEY interface due to the parent having a single queue but the child having multiple queues. This patch fixes the number of queues to 1 for legacy IPoIB at the earliest possible... • https://git.kernel.org/stable/c/d4bf3fcccd188db9f3310d93472041cdefba97bf •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52744 – RDMA/irdma: Fix potential NULL-ptr-dereference
https://notcve.org/view.php?id=CVE-2023-52744
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix potential NULL-ptr-dereference in_dev_get() can return NULL which will cause a failure once idev is dereferenced in in_dev_for_each_ifa_rtnl(). This patch adds a check for NULL value in idev beforehand. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/irdma: se corrige una posible referencia NULL-ptr-dereference in_dev_get() que puede devol... • https://git.kernel.org/stable/c/146b9756f14c04894226fb97e2f102f217139c27 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52743 – ice: Do not use WQ_MEM_RECLAIM flag for workqueue
https://notcve.org/view.php?id=CVE-2023-52743
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning in check_flush_dependency is being triggered. This is due to ice driver workqueue being allocated with the WQ_MEM_RECLAIM flag and the irdma one is not. According to kernel documentation, this flag should be set if the workqueue will be involved in the kernel's memory reclamation flow. Since it is not, there is no need for the ice driv... • https://git.kernel.org/stable/c/940b61af02f497fcd911b9e2d75c6b8cf76b92fd •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52742 – net: USB: Fix wrong-direction WARNING in plusb.c
https://notcve.org/view.php?id=CVE-2023-52742
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels this error provokes a WARNING: usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 WARNING: CPU: 0 PID: 4645 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411 Modules linked in: CPU:... • https://git.kernel.org/stable/c/090ffa9d0e904e1ed0f86c84dcf20684a8ac1a5a •