CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52737 – btrfs: lock the inode in shared mode before starting fiemap
https://notcve.org/view.php?id=CVE-2023-52737
21 May 2024 — This deadlock was recently reported by syzbot and triggers a trace like the following: task:syz-executor361 state:D stack:20264 pid:5668 ppid:5119 flags:0x00004004 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52736 – ALSA: hda: Do not unset preset when cleaning up codec
https://notcve.org/view.php?id=CVE-2023-52736
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removal are re-used by ASoC codec drivers implementations. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removal are re-used by ASoC codec drivers implementations. ... En el ... • https://git.kernel.org/stable/c/7fc4e7191eae9d9325511e03deadfdb2224914f8 •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52735 – bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
https://notcve.org/view.php?id=CVE-2023-52735
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/ En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: no permita que sock_ma... • https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52733 – s390/decompressor: specify __decompress() buf len to avoid overflow
https://notcve.org/view.php?id=CVE-2023-52733
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel image are performed. In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't... • https://git.kernel.org/stable/c/16409f7d9ca5bb8220e1049ea9aae0d3c94d2dfb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52732 – ceph: blocklist the kclient when receiving corrupted snap trace
https://notcve.org/view.php?id=CVE-2023-52732
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: blocklist the kclient when receiving corrupted snap trace When received corrupted snap trace we don't know what exactly has happened in MDS side. In the Linux kernel, the following vulnerability has been resolved: ceph: blocklist the kclient when receiving corrupted snap trace When received corrupted snap trace we don't know what exactly has happened in MDS side. ... En el kernel de Linux, se ha resuelto la siguie... • https://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52731 – fbdev: Fix invalid page access after closing deferred I/O devices
https://notcve.org/view.php?id=CVE-2023-52731
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the dirty pages still remain queued in the pageref list, and eventually later those may be processed in the delayed work. In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and ... • https://git.kernel.org/stable/c/56c134f7f1b58be08bdb0ca8372474a4a5165f31 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52730 – mmc: sdio: fix possible resource leaks in some error paths
https://notcve.org/view.php?id=CVE-2023-52730
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can not release the resources, because the sdio function is not presented in these two cases, it won't call of_node_put() or put_device(). ... @Q......X...... 10 10 51 12 81 88 ff ff 10 10 51 12 81 88 ff ff ..Q.......Q..... backtrace: [<000000009e5931da>] kmalloc_trace+0x21/0x110 [<00000000fcbe706c>] sdio_alloc_... • https://git.kernel.org/stable/c/3d10a1ba0d37c8f5fd5afcdda00613fbb8a90bf5 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52708 – mmc: mmc_spi: fix error handling in mmc_spi_probe()
https://notcve.org/view.php?id=CVE-2023-52708
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_spi: fix error handling in mmc_spi_probe() If mmc_add_host() fails, it doesn't need to call mmc_remove_host(), or it will cause null-ptr-deref, because of deleting a not added device in mmc_remove_host(). In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_spi: fix error handling in mmc_spi_probe() If mmc_add_host() fails, it doesn't need to call mmc_remove_host(), or it will cause null-ptr-de... • https://git.kernel.org/stable/c/15a0580ced081a0f7dc2deea8a4812bdc5e9a109 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52707 – sched/psi: Fix use-after-free in ep_remove_wait_queue()
https://notcve.org/view.php?id=CVE-2023-52707
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in ep_remove_wait_queue() If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueue gets freed in the following path: do_rmdir cgroup_rmdir kernfs_drain_open_files cgroup_file_release cgroup_pressure_release psi_trigger_destroy However, the polling thread still has a reference to the pressure file and will a... • https://git.kernel.org/stable/c/0e94682b73bfa6c44c98af7a26771c9c08c055d5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52706 – gpio: sim: fix a memory leak
https://notcve.org/view.php?id=CVE-2023-52706
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio: sim: fix a memory leak Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIO hog structures never being freed. In the Linux kernel, the following vulnerability has been resolved: gpio: sim: fix a memory leak Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIO hog structures never being freed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpio: sim: corrige u... • https://git.kernel.org/stable/c/cb8c474e79be458f58e9df073f51ca159f3a2aa0 •