CVE-2024-35830 – media: tc358743: register v4l2 async device only after successful setup
https://notcve.org/view.php?id=CVE-2024-35830
In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: media: tc358743: registre el dispositivo asíncrono v4l2 solo después de una configuración exitosa Asegúrese de que el dispositivo se haya configurado correctamente antes de registrar el dispositivo asíncrono v4l2, permitiendo así el acceso al espacio de usuario. • https://git.kernel.org/stable/c/4c5211a100399c3823563193dd881dcb3b7d24fc https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24 https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6 https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7 https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468 https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7 •
CVE-2024-35829 – drm/lima: fix a memleak in lima_heap_alloc
https://notcve.org/view.php?id=CVE-2024-35829
In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/lima: corregida una fuga de mem en lima_heap_alloc Cuando falla lima_vm_map_bo, es necesario desasignar los recursos o habrá fugas de memoria. • https://git.kernel.org/stable/c/6aebc51d7aeff5a30d86485f320f0c871b5f23a4 https://git.kernel.org/stable/c/f2e80ac9344aebbff576453d5c0290b332e187ed https://git.kernel.org/stable/c/746606d37d662c70ae1379fc658ee9c65f06880f https://git.kernel.org/stable/c/f6d51a91b41704704e395de6839c667b0f810bbf https://git.kernel.org/stable/c/8e25c0ee5665e8a768b8e21445db1f86e9156eb7 https://git.kernel.org/stable/c/4ab14eccf5578af1dd5668a5f2d771df27683cab https://git.kernel.org/stable/c/ec6bb037e4a35fcbb5cd7bc78242d034ed893fcd https://git.kernel.org/stable/c/04ae3eb470e52a3c41babe85ff8cee195 •
CVE-2024-35828 – wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
https://notcve.org/view.php?id=CVE-2024-35828
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer(). En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: libertas: arreglados algunas memleaks en lbs_allocate_cmd_buffer() En la declaración for de lbs_allocate_cmd_buffer(), si falló la asignación de cmdarray[i].cmdbuf, tanto cmdarray como cmdarray[i] Es necesario liberar ].cmdbuf. De lo contrario, habrá fugas de memoria en lbs_allocate_cmd_buffer(). • https://git.kernel.org/stable/c/876c9d3aeb989cf1961f2c228d309ba5dcfb1172 https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186 https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7 https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2 https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9 https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3 https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23ed •
CVE-2024-35827 – io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
https://notcve.org/view.php?id=CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() The "controllen" variable is type size_t (unsigned long). Casting it to int could lead to an integer underflow. The check_add_overflow() function considers the type of the destination which is type int. If we add two positive values and the result cannot fit in an integer then that's counted as an overflow. However, if we cast "controllen" to an int and it turns negative, then negative values *can* fit into an int type so there is no overflow. Good: 100 + (unsigned long)-4 = 96 <-- overflow Bad: 100 + (int)-4 = 96 <-- no overflow I deleted the cast of the sizeof() as well. That's not a bug but the cast is unnecessary. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring/net: corregida la comprobación de desbordamiento en io_recvmsg_mshot_prep() La variable "controllen" es de tipo size_t (largo sin firmar). • https://git.kernel.org/stable/c/9b0fc3c054ff2eb13753104884f1045b5bb3a627 https://git.kernel.org/stable/c/868ec868616438df487b9e2baa5a99f8662cc47c https://git.kernel.org/stable/c/59a534690ecc3af72c6ab121aeac1237a4adae66 https://git.kernel.org/stable/c/0c8c74bb59e7d77554016efc34c2d10376985e5e https://git.kernel.org/stable/c/b6563ad0d599110bd5cf8f56c47d279c3ed796fe https://git.kernel.org/stable/c/8ede3db5061bb1fe28e2c9683329aafa89d2b1b4 •
CVE-2023-52663 – ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()
https://notcve.org/view.php?id=CVE-2023-52663
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak. Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: amd: corrige la pérdida de memoria en amd_sof_acp_probe() El controlador usa kasprintf() para inicializar los miembros fw_{code,data}_bin de la estructura acp_dev_data, pero kfree() nunca se llama para desasignar la memoria, lo que resulta en una pérdida de memoria. Solucione el problema cambiando a devm_kasprintf(). Además, asegúrese de que la asignación se haya realizado correctamente comprobando la validez del puntero. • https://git.kernel.org/stable/c/f7da88003c53cf0eedabe609324a047b1921dfcc https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8 https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0 •