CVE-2023-52563 – drm/meson: fix memory leak on ->hpd_notify callback
https://notcve.org/view.php?id=CVE-2023-52563
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on ->hpd_notify callback The EDID returned by drm_bridge_get_edid() needs to be freed. • https://git.kernel.org/stable/c/e098989a9219f4456047f9b0e8c44f03e29a843e •
CVE-2023-52561 – arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
https://notcve.org/view.php?id=CVE-2023-52561
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved Adding a reserved memory region for the framebuffer memory (the splash memory region set up by the bootloader). It fixes a kernel panic (arm-smmu: Unhandled context fault at this particular memory region) reported on DB845c running v5.10.y. • https://git.kernel.org/stable/c/dc1ab6577475b0460ba4261cd9caec37bd62ca0b •
CVE-2023-52559 – iommu/vt-d: Avoid memory allocation in iommu_suspend()
https://notcve.org/view.php?id=CVE-2023-52559
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled. Allocating memory with the GFP_KERNEL flag may re-enable IRQs during the suspend callback, which can cause intermittent suspend/hibernation problems with the following kernel traces: Calling iommu_suspend+0x0/0x1d0 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 15 at kernel/time/timekeeping.c:868 ktime... • https://git.kernel.org/stable/c/33e07157105e472b746b70b3ed4197c57c43ab68 •
CVE-2023-52532 – net: mana: Fix TX CQE error handling
https://notcve.org/view.php?id=CVE-2023-52532
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type (probably from a newer hardware), still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by injecting corrupted packets, so replace the WARN_ONCE to ratelimited error logging. • https://git.kernel.org/stable/c/ca9c54d2d6a5ab2430c4eda364c77125d62e5e0f •
CVE-2023-52531 – wifi: iwlwifi: mvm: Fix a memory corruption issue
https://notcve.org/view.php?id=CVE-2023-52531
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data' is a 'struct iwl_nvm_data', so it is fine. At the end of this structure, there is the 'channels' flex array. Each element is of type 'struct ieee80211_channel'. So only 1 element is allocated in this array. When doing: mvm->nvm_data->ban... • https://git.kernel.org/stable/c/8ca151b568b67a7b72dcfc6ee6ea7c107ddd795c •
CVE-2023-52530 – wifi: mac80211: fix potential key use-after-free
https://notcve.org/view.php?id=CVE-2023-52530
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by... • https://git.kernel.org/stable/c/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e • CWE-416: Use After Free •
CVE-2023-52529 – HID: sony: Fix a potential memory leak in sony_probe()
https://notcve.org/view.php?id=CVE-2023-52529
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called. • https://git.kernel.org/stable/c/fb1a79a6b6e1223ddb18f12aa35e36f832da2290 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-52528 – net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
https://notcve.org/view.php?id=CVE-2023-52528
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline] BUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482 CPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0 Hardware name: Google... • https://git.kernel.org/stable/c/d0cad871703b898a442e4049c532ec39168e5b57 • CWE-252: Unchecked Return Value •
CVE-2023-52527 – ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
https://notcve.org/view.php?id=CVE-2023-52527
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) when appending to an IPv4 or IPv6 packet as we don't want to repeat the transport header or account for it twice. This can happen under some circumstances, such as splicing into an L2TP socket. The symptom observed is a warning in __ip6... • https://git.kernel.org/stable/c/a32e0eec7042b21ccb52896cf715e3e2641fed93 •
CVE-2023-52525 – wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
https://notcve.org/view.php?id=CVE-2023-52525
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without rfc1042 headers. • https://git.kernel.org/stable/c/f517c97fc129995de77dd06aa5a74f909ebf568f •