CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52631 – fs/ntfs3: Fix an NULL dereference bug
https://notcve.org/view.php?id=CVE-2023-52631
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can overflow and the result is zero. This means that the kmalloc will succeed by returning the ZERO_SIZE_PTR and then the memcpy() will crash with an Oops on the next line. En el kernel de Linux, se resolvió la ... • https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26657 – drm/sched: fix null-ptr-deref in init entity
https://notcve.org/view.php?id=CVE-2024-26657
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26656 – drm/amdgpu: fix use-after-free bug
https://notcve.org/view.php?id=CVE-2024-26656
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26655 – Fix memory leak in posix_clock_open()
https://notcve.org/view.php?id=CVE-2024-26655
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Fix memory leak in posix_clock_open() If the clk ops.open() function returns an error, we don't release the pccontext we allocated for this clock. Re-organize the code slightly to make it all more obvious. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Reparar la pérdida de memoria en posix_clock_open() Si la función clk ops.open() devuelve un error, no liberamos el contexto de pc que asignamos para este reloj. Reorganice l... • https://git.kernel.org/stable/c/60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26654 – ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
https://notcve.org/view.php?id=CVE-2024-26654
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel will be deallocated. But it could still be dereferenced in the worker thread. The reason is that del_timer() will return directly regardless of whether the timer handler is running or not and the worker could... • https://git.kernel.org/stable/c/198de43d758ca2700e2b52b49c0b189b4931466c •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26653 – usb: misc: ljca: Fix double free in error handling path
https://notcve.org/view.php?id=CVE-2024-26653
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: misc: ljca: Fix double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function ljca_auxdev_release calls kfree(auxdev->dev.platform_data) to free the parameter data of the function ljca_new_client_device. The callers of ljca_new_client_device shouldn't call kfree() again in the error handling path to free the platform data. Fix this by cleaning up the redundant k... • https://git.kernel.org/stable/c/acd6199f195d6de814ac4090ce0864a613b1580e •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26652 – net: pds_core: Fix possible double free in error handling path
https://notcve.org/view.php?id=CVE-2024-26652
27 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened. En el kernel de Linux, se resolvió la sigui... • https://git.kernel.org/stable/c/4569cce43bc61e4cdd76597a1cf9b608846c18cc •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26651 – sr9800: Add check for usbnet_get_endpoints
https://notcve.org/view.php?id=CVE-2024-26651
27 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sr9800: Agregar verificación para usbnet_get_endpoints Agregar verificación para usbnet_get_endpoints() y devolver el error si falla para transferir el error. In the Linux kernel, the following vulnerability has been resolved: sr9800: ... • https://git.kernel.org/stable/c/19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26649 – drm/amdgpu: Fix the null pointer when load rlc firmware
https://notcve.org/view.php?id=CVE-2024-26649
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige el puntero nulo al cargar el firmware rlc. Si el firmware RLC no es válido debido... • https://git.kernel.org/stable/c/3da9b71563cbb7281875adab1d7c4132679da987 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26648 – drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
https://notcve.org/view.php?id=CVE-2024-26648
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933) En el kernel de Linux, se resolvió la sigu... • https://git.kernel.org/stable/c/22ae604aea14756954e1c00ae653e34d2afd2935 •