CVE-2023-52567 – serial: 8250_port: Check IRQ data before use
https://notcve.org/view.php?id=CVE-2023-52567
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use. In case the leaf driver wants to use IRQ polling (irq = 0) and the IIR register shows that an interrupt happened in the 8250 hardware, the IRQ data can be NULL. In such a case we need to skip the wake event as we came to this path from the timer interrupt and quite likely the system is already awake. Without this fix we have got an Oops: serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200)... • https://git.kernel.org/stable/c/edfe57aedff4ecf3606533aabf8ecf7676c3c5d9
CVE-2023-52566 – nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
https://notcve.org/view.php?id=CVE-2023-52566
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data(). In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. If the reference count hits 0 and its owner page gets unlocked, bh may be freed. However, bh->b_page is dereferenced to put the page after that, which may result in a use-after-free bug. This patch moves the release operation af... • https://git.kernel.org/stable/c/a3d93f709e893187d301aa5458b2248db9f22bd1 • CWE-416: Use After Free
CVE-2023-52564 – Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
https://notcve.org/view.php?id=CVE-2023-52564
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux". This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The commit above is reverted as it did not solve the original issue. gsm_cleanup_mux() tries to free up the virtual ttys by calling gsm_dlci_release() for each available DLCI. There, dlci_put() is called to decrease the reference counter for the DLCI via tty_port_put() which finally calls gsm_dlci_free(). This already clears the... • https://git.kernel.org/stable/c/8fc0eabaa73bbd9bd705577071564616da5c8c61
CVE-2023-52563 – drm/meson: fix memory leak on ->hpd_notify callback
https://notcve.org/view.php?id=CVE-2023-52563
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on ->hpd_notify callback. The EDID returned by drm_bridge_get_edid() needs to be freed. • https://git.kernel.org/stable/c/e098989a9219f4456047f9b0e8c44f03e29a843e
CVE-2023-52562 – mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()
https://notcve.org/view.php?id=CVE-2023-52562
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy(). After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache (at rmmod time), we might end up releasing the kmem_cache object without removing it from the slab_caches list thus corrupting the list as kmem_cache_destroy() ignores the return value from shutdown_cache(), which in turn never... • https://git.kernel.org/stable/c/0495e337b7039191dfce6e03f5f830454b1fae6b • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2023-52561 – arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
https://notcve.org/view.php?id=CVE-2023-52561
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved. Adding a reserved memory region for the framebuffer memory (the splash memory region set up by the bootloader). It fixes a kernel panic (arm-smmu: Unhandled context fault at this particular memory region) reported on DB845c running v5.10.y. • https://git.kernel.org/stable/c/dc1ab6577475b0460ba4261cd9caec37bd62ca0b
CVE-2023-52560 – mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
https://notcve.org/view.php?id=CVE-2023-52560
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions(). When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), the damon_destroy_ctx() is removed, but still call damon_new_target() and damon_new_region(), the damon_region which is allocated by kmem_... • https://git.kernel.org/stable/c/9f86d624292c238203b3687cdb870a2cde1a6f9b • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2023-52559 – iommu/vt-d: Avoid memory allocation in iommu_suspend()
https://notcve.org/view.php?id=CVE-2023-52559
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend(). The iommu_suspend() syscore suspend callback is invoked with IRQ disabled. Allocating memory with the GFP_KERNEL flag may re-enable IRQs during the suspend callback, which can cause intermittent suspend/hibernation problems with the following kernel traces: Calling iommu_suspend+0x0/0x1d0 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 15 at kernel/time/timekeeping.c:868 kt... • https://git.kernel.org/stable/c/33e07157105e472b746b70b3ed4197c57c43ab68
CVE-2023-52518 – Bluetooth: hci_codec: Fix leaking content of local_codecs
https://notcve.org/view.php?id=CVE-2023-52518
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_codec: Fix leaking content of local_codecs. The following memory leak can be observed when the controller supports codecs which are stored in local_codecs list but the elements are never freed: unreferenced object 0xffff88800221d840 (size 32): comm "kworker/u3:0", pid 36, jiffies 4294898739 (age 127.060s) hex dump (first 32 bytes): f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff ..........!..... 00 00 00 00 00 ... • https://git.kernel.org/stable/c/8961987f3f5fa2f2618e72304d013c8dd5e604a6 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2023-52532 – net: mana: Fix TX CQE error handling
https://notcve.org/view.php?id=CVE-2023-52532
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling. For an unknown TX CQE error type (probably from a newer hardware), still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by injecting corrupted packets, so replace the WARN_ONCE to ratelimited error logging. Ubuntu Security Notice 7166-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use thes... • https://git.kernel.org/stable/c/ca9c54d2d6a5ab2430c4eda364c77125d62e5e0f