CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52977 – net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
https://notcve.org/view.php?id=CVE-2023-52977
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix flow memory leak in ovs_flow_cmd_new Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is not freed when an allocation of a key fails. BUG: memory leak unreferenced object 0xffff888116668000 (size 632): comm "syz-executor231", pid 1090, jiffies 4294844701 (age 18.871s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00... • https://git.kernel.org/stable/c/655e873bf528f0f46ce6b069f9a2daee9621197c •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52975 – scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-52975
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like this: [ 276.942144] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0xe0 [ 276.942535] Write of size 4 at addr ffff8881053b45b8 by task cat/4088 [ 276.943511] CPU: 2 PID: 4088 Comm: cat Tainted: G E 6.1.0-rc8+ #... • https://git.kernel.org/stable/c/17b738590b97fb3fc287289971d1519ff9b875a1 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52974 – scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-52974
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail. In the Lin... • https://git.kernel.org/stable/c/496af9d3682ed4c28fb734342a09e6cc0c056ea4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52973 – vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
https://notcve.org/view.php?id=CVE-2023-52973
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF After a call to console_unlock() in vcs_read() the vc_data struct can be freed by vc_deallocate(). Because of that, the struct vc_data pointer load must be done at the top of while loop in vcs_read() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: use-after-free in vcs_size (drivers/tty/vt/vc_screen.c:215) Read of size 4 a... • https://git.kernel.org/stable/c/ac751efa6a0d70f2c9daef5c7e3a92270f5c2dff • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49761 – btrfs: always report error in run_one_delayed_ref()
https://notcve.org/view.php?id=CVE-2022-49761
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: - Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod - Replace the btrfs_debug() with btrfs_err() - Move the e... • https://git.kernel.org/stable/c/18bd1c9c02e64a3567f90c83c2c8b855531c8098 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49757 – EDAC/highbank: Fix memory leak in highbank_mc_probe()
https://notcve.org/view.php?id=CVE-2022-49757
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbank_mc_probe() When devres_open_group() fails, it returns -ENOMEM without freeing memory allocated by edac_mc_alloc(). Call edac_mc_free() on the error handling path to avoid a memory leak. [ bp: Massage commit message. ] In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbank_mc_probe() When devres_open_group() fails, it returns -ENOMEM without fr... • https://git.kernel.org/stable/c/a1b01edb274518c7da6d69b84e7558c092282aad •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49755 – usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
https://notcve.org/view.php?id=CVE-2022-49755
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait While performing fast composition switch, there is a possibility that the process of ffs_ep0_write/ffs_ep0_read get into a race condition due to ep0req being freed up from functionfs_unbind. Consider the scenario that the ffs_ep0_write calls the ffs_ep0_queue_wait by taking a lock &ffs->ev.waitq.lock. However, the functionfs_unbind isn't bounded so it can go ahead and mark the ep0req... • https://git.kernel.org/stable/c/ddf8abd2599491cbad959c700b90ba72a5dce8d0 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49753 – dmaengine: Fix double increment of client_count in dma_chan_get()
https://notcve.org/view.php?id=CVE-2022-49753
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count in dma_chan_get() The first time dma_chan_get() is called for a channel the channel client_count is incorrectly incremented twice for public channels, first in balance_ref_count(), and again prior to returning. This results in an incorrect client count which will lead to the channel resources not being freed when they should be. A simple test of repeated module load and unload of async_tx on a... • https://git.kernel.org/stable/c/d2f4f99db3e9ec8b063cf2e45704e2bb95428317 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49751 – w1: fix WARNING after calling w1_process()
https://notcve.org/view.php?id=CVE-2022-49751
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: w1: fix WARNING after calling w1_process() I got the following WARNING message while removing driver(ds2482): ------------[ cut here ]------------ do not call blocking ops when !TASK_RUNNING; state=1 set at [<000000002d50bfb6>] w1_process+0x9e/0x1d0 [wire] WARNING: CPU: 0 PID: 262 at kernel/sched/core.c:9817 __might_sleep+0x98/0xa0 CPU: 0 PID: 262 Comm: w1_bus_master1 Tainted: G N 6.1.0-rc3+ #307 RIP: 0010:__might_sleep+0x98/0xa0 Call Trace... • https://git.kernel.org/stable/c/3c52e4e627896b42152cc6ff98216c302932227e •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49750 – cpufreq: CPPC: Add u64 casts to avoid overflowing
https://notcve.org/view.php?id=CVE-2022-49750
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Add u64 casts to avoid overflowing The fields of the _CPC object are unsigned 32-bits values. To avoid overflows while using _CPC's values, add 'u64' casts. In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Add u64 casts to avoid overflowing The fields of the _CPC object are unsigned 32-bits values. To avoid overflows while using _CPC's values, add 'u64' casts. • https://git.kernel.org/stable/c/7d596bbc66a52ff2c7a83d7e0ee840cb07e2a045 •