CVSS: 4.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52503 – tee: amdtee: fix use-after-free vulnerability in amdtee_close_session
https://notcve.org/view.php?id=CVE-2023-52503
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and one thread tries to free this session via: kref_put(&sess->refcount, destroy_session); the reference count will get decremented, and the next step would be to call destroy_session(). However, if in anot... • https://git.kernel.org/stable/c/757cc3e9ff1d72d014096399d6e2bf03974d9da1 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52502 – net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
https://notcve.org/view.php?id=CVE-2023-52502
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock. nfc_llcp_sock_get_sn() has a similar problem. Finally nfc_llcp_recv_snl() needs to make sure the socket found by nfc_llcp_sock_from_sn() does not disappear. In the Linux kernel, the followin... • https://git.kernel.org/stable/c/8f50020ed9b81ba909ce9573f9d05263cdebf502 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52501 – ring-buffer: Do not attempt to read past "commit"
https://notcve.org/view.php?id=CVE-2023-52501
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed the case where the last event was at the very end of the page and has only 4 bytes left. The checks to detect the corruption by the writer to reads needs to see the length of the event. If the length in the first 4... • https://git.kernel.org/stable/c/cee5151c5410e868826b8afecfb356f3799ebea3 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52500 – scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command
https://notcve.org/view.php?id=CVE-2023-52500
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the response. In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the re... • https://git.kernel.org/stable/c/2afd8fcee0c4d65a482e30c3ad2a92c25e5e92d4 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52499 – powerpc/47x: Fix 47x syscall return crash
https://notcve.org/view.php?id=CVE-2023-52499
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page (b7ee2000) - exploit attempt? (uid: 0) BUG: Unable to handle kernel instruction fetch Faulting instruction address: 0xb7ee2000 Oops: Kernel access of bad area, sig: 11 [#1] BE PAGE_SIZE=4K FSP-2 Modules linked in: CPU: 0 PID: 61 Comm: mount Not tainted 6.1.55-d23900f... • https://git.kernel.org/stable/c/6f76a01173ccaa363739f913394d4e138d92d718 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48628 – ceph: drop messages from MDS when unmounting
https://notcve.org/view.php?id=CVE-2022-48628
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the i_count will be released. Then it will flush the dirty cap/snap to MDSs, and the unmounting won't wait the possible acks, which will ihold the inodes when updating the metadata locally but makes no sense any more, of this. This will make the evict_inodes() to skip these ino... • https://git.kernel.org/stable/c/89744b64914426cbabceb3d8a149176b5dafdfb5 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48627 – vt: fix memory overlapping when deleting chars in the buffer
https://notcve.org/view.php?id=CVE-2022-48627
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not determinis... • https://git.kernel.org/stable/c/81732c3b2fede049a692e58a7ceabb6d18ffb18c • CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47081 – habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory
https://notcve.org/view.php?id=CVE-2021-47081
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory Our code analyzer reported a uaf. In gaudi_memset_device_memory, cb is get via hl_cb_kernel_create() with 2 refcount. If hl_cs_allocate_job() failed, the execution runs into release_cb branch. One ref of cb is dropped by hl_cb_put(cb) and could be freed if other thread also drops one ref. Then cb is used by cb->id later, which is a potential uaf. My patch add... • https://git.kernel.org/stable/c/423815bf02e257091d5337be5c63b57fc29e4254 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47080 – RDMA/core: Prevent divide-by-zero error triggered by the user
https://notcve.org/view.php?id=CVE-2021-47080
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Prevent divide-by-zero error triggered by the user The user_entry_size is supplied by the user and later used as a denominator to calculate number of entries. The zero supplied by the user will trigger the following divide-by-zero error: divide error: 0000 [#1] SMP KASAN PTI CPU: 4 PID: 497 Comm: c_repro Not tainted 5.13.0-rc1+ #281 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebu... • https://git.kernel.org/stable/c/9f85cbe50aa044a46f0a22fda323fa27b80c82da • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47079 – platform/x86: ideapad-laptop: fix a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47079
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: ideapad-laptop: fix a NULL pointer dereference The third parameter of dytc_cql_command should not be NULL since it will be dereferenced immediately. In the Linux kernel, the following vulnerability has been resolved: platform/x86: ideapad-laptop: fix a NULL pointer dereference The third parameter of dytc_cql_command should not be NULL since it will be dereferenced immediately. • https://git.kernel.org/stable/c/ff36b0d953dc4cbc40a72945920ff8e805f1b0da •