CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52576 – x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
https://notcve.org/view.php?id=CVE-2023-52576
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() The code calling ima_free_kexec_buffer() runs long after the memblock allocator has already been torn down, potentially resulting in a use after free in memblock_isolate_range(). With KASAN or KFENCE, this use after free will result in a BUG from the idle task, and a subsequent kernel panic. Switch ima_free_kexec_buffer() over to memblock_free_late() to avoid that bug... • https://git.kernel.org/stable/c/fee3ff99bc67604fba77f19da0106f3ec52b1956 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52574 – team: fix null-ptr-deref when team device type is changed
https://notcve.org/view.php?id=CVE-2023-52574
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q] ... Call Trace: <TASK> ? __die+0x24/0x70 ? page_fault_oops+0x82/0x150 ? exc_page_fault+0x69/0x150 ? • https://git.kernel.org/stable/c/1d76efe1577b4323609b1bcbfafa8b731eda071a • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52573 – net: rds: Fix possible NULL-pointer dereference
https://notcve.org/view.php?id=CVE-2023-52573
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: rds: Fix possible NULL-pointer dereference In rds_rdma_cm_event_handler_cmn() check, if conn pointer exists before dereferencing it as rdma_set_service_type() argument Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: net: rds: Fix possible NULL-pointer dereference In rds_rdma_cm_event_handler_cmn() check, if conn pointer exists before dereferencing it ... • https://git.kernel.org/stable/c/fd261ce6a30e01ad67c416e2c67e263024b3a6f9 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52572 – cifs: Fix UAF in cifs_demultiplex_thread()
https://notcve.org/view.php?id=CVE-2023-52572
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45 ... Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52571 – power: supply: rk817: Fix node refcount leak
https://notcve.org/view.php?id=CVE-2023-52571
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rk817: Fix node refcount leak Dan Carpenter reports that the Smatch static checker warning has found that there is another refcount leak in the probe function. While of_node_put() was added in one of the return paths, it should in fact be added for ALL return paths that return an error and at driver removal time. In the Linux kernel, the following vulnerability has been resolved: power: supply: rk817: Fix node refcount leak D... • https://git.kernel.org/stable/c/7d1e3961725e69774871b081a065c2b3640c5f0e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52570 – vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()
https://notcve.org/view.php?id=CVE-2023-52570
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() Inject fault while probing mdpy.ko, if kstrdup() of create_dir() fails in kobject_add_internal() in kobject_init_and_add() in mdev_type_add() in parent_create_sysfs_files(), it will return 0 and probe successfully. And when rmmod mdpy.ko, the mdpy_dev_exit() will call mdev_unregister_parent(), the mdev_type_remove() may traverse uninitialized parent->types[i] in parent_remove_... • https://git.kernel.org/stable/c/da44c340c4fe9d9653ae84fa6a60f406bafcffce •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52569 – btrfs: remove BUG() after failure to insert delayed dir index item
https://notcve.org/view.php?id=CVE-2023-52569
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquired before and return the error to the caller. This is fine because all existing call chains undo anything they have done before calling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending snapshots ... • https://git.kernel.org/stable/c/39c4a9522db0072570d602e9b365119e17fb9f4f •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52568 – x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
https://notcve.org/view.php?id=CVE-2023-52568
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an enclave and set secs.epc_page to NULL. The SECS page is used for EAUG and ELDU in the SGX page fault handler. However, the NULL check for secs.epc_page is only done for ELDU, not EAUG before being used. Fix this by doing the same NULL check and reloading of the SECS page as needed for both EAUG and ELDU. The SECS pa... • https://git.kernel.org/stable/c/5a90d2c3f5ef87717e54572af8426aba6fdbdaa6 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-52567 – serial: 8250_port: Check IRQ data before use
https://notcve.org/view.php?id=CVE-2023-52567
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use In case the leaf driver wants to use IRQ polling (irq = 0) and IIR register shows that an interrupt happened in the 8250 hardware the IRQ data can be NULL. In such a case we need to skip the wake event as we came to this path from the timer interrupt and quite likely system is already awake. Without this fix we have got an Oops: serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16... • https://git.kernel.org/stable/c/edfe57aedff4ecf3606533aabf8ecf7676c3c5d9 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52566 – nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
https://notcve.org/view.php?id=CVE-2023-52566
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. If the reference count hits 0 and its owner page gets unlocked, bh may be freed. However, bh->b_page is dereferenced to put the page after that, which may result in a use-after-free bug. This patch moves the release operation after u... • https://git.kernel.org/stable/c/a3d93f709e893187d301aa5458b2248db9f22bd1 • CWE-416: Use After Free •